The Changelog: Software Development, Open Source - Firefox supports blockers, NATS is great, Uber's MFA fatigue, OAuth2 drawn in cute shapes & an aging programmer (News)
Episode Date: September 26, 2022
Mozilla says Firefox will continue to support current content blockers, Nabeel Sulieman thinks NATS is great and recommends you check it out, InfoQ breaks down Uber's recent security breach, Klemen Se...ver explained OAuth2 by drawing cute shapes & Jorge Manrubia reflects back as an aging programmer.
Transcript
Hello friends, I'm Jared, and this is Changelog News for the week of Monday, September 26th,
2022.
Let's do this.
Mozilla reaffirms that Firefox will continue to support current content blockers.
Why does this matter?
Because Chrome, and Chromium-based browsers
like Edge and Brave are moving to a new manifest, version 3, which hamstrings version 2's blocking
web request API. This API powers many blockers, such as the massively popular uBlock Origin
extension. To be clear, content blocking will still be possible in Chrome once Manifest V3 rolls out, but it will be limited in what all you can do.
For example, setting up custom filter lists or using multiple extensions that rely on the API might run you into artificial limits set by Google.
As we all know, the Goog is highly incentivized to block ad blocking.
Give it a Goog!
Now that Mozilla has reaffirmed their position, a renewed interest in Firefox has been on display on social media sites like Reddit.
Over the years, Firefox has seen its once substantial browser market share dwindle
to low single digits. Maybe this is just the boost it needs to remain relevant and fight back against Google's web browsing hegemony.
Nabeel Sulieman thinks NATS is great and recommends you check it out if you're running any kind of microservices architecture.
What is NATS exactly?
Nabeel describes it as a lightweight, easy-to-deploy service that provides pub-sub functionality with very little fuss.
His blog post on NATS started a nice discussion on Changelog News where Dwayne Bradley agreed that more people should investigate NATS.
He says there are so many things you can remove from your infrastructure by using it.
Things like load balancers, firewalls, VPNs, traffic shapers, service meshes, Kubernetes, and more.
That's a compelling list of things you might not actually need.
Did you hear about Uber's recent security breach?
Did you hear about how it went down?
Turns out it was a new vector for the oldest technique in the book, social engineering.
The attacker disguised themselves as Uber IT and spammed the target
with repeated multi-factor auth requests until they eventually authorized access. Uber believes
the attacker had previously purchased the user's password on the dark web and performed this MFA
fatigue attack to subvert the last line of defense. Once they had access to Uber's intranet,
they scanned the network until they
found a PowerShell script with admin credentials, and at that point, it was pretty much over.
Speaking of auth, you know what's difficult to grasp? OAuth 2. Aaron Parecki spent an entire
episode of The Changelog with Adam and I explaining it to us, and by the end, he was like,
do you understand the words that are coming out of my mouth? But here's some good news if you're a visual learner. Klemen Sever explained OAuth 2 by drawing cute shapes. Describing those cute
shapes would be a waste of your time and mine, so we'll just link to his drawings in the show notes.
One person on Twitter had this to say about Klemen's effort. I thought it's going to be one of those cringe, look, I just bought an iPad with a pen drawing,
but these were actually pretty good. To which Klemen responded, thanks, I guess.
That's maybe the best compliment of my life. Jorge Manrubia writes, quote, back in college,
they told me that I would start my career writing code, but eventually I
would move to a position where I would ask others to code my designs. To celebrate that this turned
out to be completely false, here are some assorted reflections as a 40-year-old programmer that looks
back, end quote. What follows is a bulleted list that includes thoughts like, I don't enjoy
switching contexts. My perfect agenda is composed of a single meaty task I can focus on for days.
And I am way more cautious when deploying things.
He finishes up by answering a Quora thread which asks,
Do people lose interest in programming as they age?
Is it accurate to expect that older programmers are slower, make more mistakes,
and would rather be doing something else such as managing programmers?
Jorge's answers? No, no, and no.
That is the news for now.
We'll be back in your ear holes on Friday when Adam and I are joined by our good friend Losh Wickman,
or as we Americans lovingly refer to him as, Lars Wickman, to support our chaptering efforts.
Losh wrote an open source Elixir library for us that reads and writes ID3v2 tags.
He picked up a bunch of esoteric knowledge along the way.
Like, did you know each MP3 may have an embedded populomerator?
Populorometer?
Bulerometer? Inside the file?
I had no idea.
If you like nerding out on specs, waxing nostalgic for the good old days of
Napster, or ever wondered what it's like to have me hire you to write some code, you're going to
enjoy this one. Have a great week, and we'll talk to you again real soon.