In this episode Joe introduces us to more security items you should be aware of in the world of CWEs, Michael bends to the will of Joe and Allen in his favorite portion of the show, and Allen pontificates on the time spent setting up IDEs and environments.
Reviews – Thank You!
iTunes: Vlad Bezden, Mom in VA, Make1977
Spotify: chutney3000, Xuraith
Upcoming Events
Topics
Open Telemetry
The backend matters (https://opentelemetry.io/ecosystem/integrations/)
Some backends are more fully featured than others
Splunk Trace Analyzer (https://docs.splunk.com/observability/en/apm/apm-spans-traces/trace-analyzer.html)
Google Trace Explorer (https://cloud.google.com/trace/docs/finding-traces)
Azure OTel Guide (https://learn.microsoft.com/en-us/azure/azure-monitor/app/opentelemetry-enable?tabs=aspnetcore)
AWS OTel Information (https://aws.amazon.com/otel/)
The processor can decouple you (https://opentelemetry.io/docs/collector/configuration/#processors)
CNCF – Cloud Native Computing Foundation
If you’re working in a cloud environment, you should know the projects here (https://www.cncf.io/projects/)
Super cool visualization tool for the projects (https://landscape.cncf.io/)
Llama 3 – the next version of Meta’s AI engine
Environmental concerns over the processing required for AI
Power requirements for processing some of the LLMs (https://www.nnlabs.org/power-requirements-of-large-language-models/)
The Microsoft underwater datacenter (https://news.microsoft.com/source/features/sustainability/project-natick-underwater-datacenter/)
Setting up IDEs and environments
IDE vs old school debugging
Setup can require a significant amount of time
Is it worth it?
What if you’re just working on a bug?
Security Resources
What’s the difference between CWE and OWASP?
CWE (Common Weakness Enumeration) is a community-developed list of common software and hardware weaknesses.
It’s similar to OWASP, but older (1999 vs 2001) and more general – including non-web apps and (more recently) hardware
The infamous “NVD” database links CVE (Common Vulnerabilities and Exposures) to CWE (https://nvd.nist.gov/vuln/detail/CVE-2021-44228) (https://cwe.mitre.org/top25/archive/2023/2023_trends.html)
Tips
Pre-warning – probably wouldn’t recommend installing this!
Saw a cool Windows utility called “Windrecorder” that records video and text from your desktop, and lets you rewind and search.
Uses ffmpeg to record screen into small 15-minute fragment files
Search (by window titles, text keywords, or descriptions of images)
Everything should happen only on your computer
Cons: No instant rewind (have to be out of the window), Storage is unencrypted, Not much LLM / ML fancy stuff…and security (https://tonoko.notion.site/I-made-an-open-source-app-to-rewind-search-everything-happened-on-your-screen-on-Windows-184d1a9d5edb494dba0c2f46d311ec5c) (https://github.com/yuka-friends/Windrecorder)
MacOS’s Spotlight is more powerful than you maybe knew (https://www.intego.com/mac-security-blog/spotlight-secrets-15-ways-to-use-spotlight-on-your-mac/) (https://beebom.com/spotlight-tips-tricks/)
If your grep command isn’t working like you thought it should, you might be a victim of content getting kicked out of the buffer: grep --line-buffered
iOS – get text from images (https://support.apple.com/guide/iphone/use-live-text-iphcf0b71b0e/ios)