Leap seconds are hard, teaching a computer to ‘drive’ with TensorFlow, and more news

Security stories and a secure typewriter round out the news. Read on...

Share this using the hashtag #SWE.

Leap seconds are hard. The know-it-alls at the International Earth Rotation and Reference Systems Service (what a cool thing to put on a business card) added a leap second at the end of 2016, wreaking havoc across the internet again. Although leap seconds keep being added, internet sites continue to be unable to handle them without problems. The most notable outage this time occurred for DNS provider and internet glue CloudFlare. Want to deal with leap seconds in your code? Software consultant Kevin Burke provides good advice here.

Would you like to play a game? Teaching a computer to drive is something that Alphabet and Tesla have been trying with mixed results. But how about teaching a computer to drive Mario Kart? This article from Shopify developer Kevin Hughes explains how he used TensorFlow to train a computer to drive around a Mario Kart level. Ah, they grow up so fast.

The video to end all videos regarding the Game Boy. Learning about the times when developing games was a challenge that involved walking uphill both ways each time is a great way to spend an hour. This talk from 33C3 goes into more detail than you ever thought you’d want to know about the Game Boy hardware and its software development process. A useful watch before you dive into the Game Boy block at Awesome Games Done Quick.

This typewriter can ‘encrypt’ your messages. Mattel’s Barbie Typewriter, produced by Mehano, actually has 4 separate monoalphabetic substitution ciphers built in, and can both encode and decode messages. If your children want to run a business, this shows us it’s never too early to teach them about privacy.

New Year, New Job? Dropbox SRE and Hackbright Academy alum Krishelle Hardson-Hurley writes a great post giving people tools for organizing their job search after a bootcamp, but the lessons are great for anyone who’s looking for a new opportunity in software. Also, not on the list but highly recommended: Acquire a LinkedIn premium account. (Hey, we gotta pay the bills around here somehow.)

There’s a tiny port hidden in your car that tells all. Learn more about the OBD port and its history in this piece at Hackaday that explains what the port does and why it’s worth knowing about.

/dev/urandom is fine. Really. That’s the lesson from this piece by software engineer Thomas Hühn going into depth about the (lack of) differences between /dev/random and /dev/urandom in modern UNIX-type systems.

Want to be the best at responding to incidents? PagerDuty Senior Engineer Rich Adams writes about PagerDuty’s newly open-sourced incident response documentation, discussing how they respond to incidents and why it’s important to have a plan. Recommended reading for anyone in an operational role.

Are deadlines something that make sense in an Agile world? If you know about Betteridge’s Law of Headlines, you’re probably not reading this, but it turns out I tricked you, and the answer is yes, at least according to Agile Coach Eric Tucker. Eric’s piece suggests that deadlines can be managed well in an Agile environment. Agree or disagree? Tell me (or him) in the comments.

PHPMailer leaves swaths of the Internet insecure, KillDisk now targets Linux, and a bunch of Netgear routers should not be used:

  • In news that I’m certain surprised absolutely nobody, a security researcher discovered a vulnerability in the PHPMailer module that provides remote arbitrary code execution. PHPMailer is used in WordPress, Drupal, and Joomla, in addition to other software.
  • The KillDisk ransomware now targets Linux, editing the grub.conf to display its ransom message. Unfortunately, the Linux version doesn’t actually save the encryption key it uses anywhere… but fortunately, there’s a flaw in the Linux KillDisk code that lets you recover the files anyway. Good thing, because this particular ransomware wanted an extortionate 222 bitcoins, with a street value of nearly $225,000.
  • Please stop using Netgear routers with a trivially-exploitable security bug. Remote code execution that is ‘trivial’, according to CERT, is just a step away for many consumer-grade Netgear routers. The exploit works without any authentication (thanks to an XSRF bug) and doesn’t require the router’s management interface to be exposed to the Internet. Edited to add: After the Ars Technica article was published, Netgear released a new firmware version that fixes this exploit. If you're running a Netgear router, check (and update) the firmware regularly. Heck, update your router's firmware regularly even if you aren't running a Netgear router.

As always, we’re continuing to experiment with the best way to deliver this content. If you have feedback, or think there’s something I should cover next time, leave a comment!

Cover photo: The Mehano Barbie Typewriter - image from the Crypto Museum.

Stu Matthews

Leading Infrastructure Teams

8 years ago

Am I wrong in saying that having the most recent firmware on your Netgear router closes that security hole? If I'm not wrong, please state so in your article.
