Hacking the NES Classic, Evidence-based code review, and more news
Greg Leffler
Director of Developer Evangelism at Splunk. Former SRE Leader and Editor at Large at LinkedIn.
The problems with AMP and the security corner round out the news. Read on...
Share this using the hashtag #SWE.
Yes, it runs Battletoads. The hottest toy with artificial scarcity for the 2016 holiday season was the NES Classic, a tiny device that comes preloaded with 30 of the most loved classic NES games. Unfortunately, Battletoads was not part of that list, so enterprising hackers figured out a way to jailbreak the console and put whatever NES ROM images you want on it. If you’re not interested in adding more games, maybe you can use it as the world’s most-coveted Linux computer.
The DMCA still sucks. If you read the prior article, you saw how cumbersome jailbreaking the NES Classic actually is. It’s possible to make it easier, but you should check out this article from Boing Boing that explains why the law contributes to the difficulty — and why that’s a bad thing.
Code reviews don’t necessarily do what you think. LinkedIn engineer Nikolai Avteniev writes a great summary of the empirical research around code review and discovers that peer review of code seems to be “better suited for knowledge sharing and code improvements than for eliminating defects.” Seems to me these are still worth doing, but you may need to think about why you are doing them in your team.
AMP has some problems. Google’s AMP project exists to try to make the mobile web experience better. It does this through limiting content creators to a severely-restricted subset of HTML and requiring that all AMP pages be stored in Google’s cache. There are some problems with this, as you might imagine, and this article does a great job explaining some of them.
Ever wonder how the Linux kernel initializes userspace? If you understand shell scripting, here’s your answer. Everything up to executing init is lucidly explained with good comments, too.
Microsoft announces new privacy controls for Windows 10. The Internet is not thrilled, but Microsoft recently announced new privacy controls coming to the “Creator’s Update” for Windows 10. The controls include a new dashboard that you can log into to see and manage the data Microsoft has collected on you. What they don’t include, still, is a way for most people to actually turn off the incessant phoning home that Windows 10 is famous for. (Even the ‘off’ level, for those who are allowed to use it, still sends a bunch of data back to Microsoft!)
Want to remotely control a DOS machine? ‘Course you do. Luckily, TINY exists, which is basically VNC for DOS. Yep, there are still tons of people who use DOS for various reasons (think industrial controls), and with TINY, you can remotely control those sessions from a ‘modern’ OS.
Stack Overflow wants to survive the next DNS attack. They’ve prepared documentation about how they will survive future DDoS attacks against DNS, like the one that crippled Dyn and their customers late last year. It’s a good overview of how to mitigate some of the weaknesses that DNS introduces.
The security corner: WhatsApp has a vulnerability (or doesn’t?), Tor is free for iOS, and ransomware is the newest billion-dollar industry:
- In news that I’m certain surprised absolutely nobody, the popular WhatsApp chat/video/voice client and floor wax was revealed to have a vulnerability in the protocol that could potentially break perfect forward secrecy and allow a nefarious actor to get your messages. WhatsApp insists this isn’t really a vulnerability but instead a conscious user experience decision and that we should all just calm down, as does Signal protocol (the encryption method used by WhatsApp) creator Moxie Marlinspike. Personally? My take is that any crypto product you can install from the App Store isn’t really secure.
- The Tor client Onion Browser for iOS is now free of charge. The Ars Technica article about the change talks to the developer but also discusses why Tor clients on iOS aren’t as great as ones on Android. That said, are many serious Tor users actually using iOS in the first place?
- According to the FBI, 2016 saw ransomware payments exceed $1 billion, an extremely sharp increase from 2015, when the amount was $24 million. Sounds like the opportunity is getting good for security folks who can protect enterprises from this stuff.
As always, we’re continuing to experiment with the best way to deliver this content. If you have feedback, or think there’s something I should cover next time, leave a comment!
Cover photo: WhatsApp running on a Nokia E6. Mint / Getty Images
Healthcare Funding Partners
8 years ago
It would be nice if you could actually get your hands on an NES classic first. Impossible to find! Big fail on the part of Nintendo. If this was a ploy to increase demand that's fine. It came out two months ago... enough is enough.
Cyber Security Identity Access Management Analyst / Business Analyst
8 years ago
Thanks Greg for the really great information. It would have been great if the NES Classic came with about 100 games and a much longer controller cable. The note about the growth of ransomware is very concerning.
Paul Petty