The Truth: Sudo and Python Bugs, Libra Incorporated, 5G Scare

Tuesday, 15 October 2019

Hello again! Today, we have some news of a rather dumb problem with Python if you are trying to do science and some stories on smart refrigerators and Facebook’s Libra project.

If you use sudo on Linux to allow users to run commands as any other user except root, you might want to look into CVE-2019-14287: “When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295.” Why would you want to set up sudo in such a way, you ask? I have no idea!
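To check whether a sudoers file has the kind of rule the advisory describes, here is a small audit script. It is an added example, not code from this newsletter or from the sudo project. It flags rules whose Runas user list combines ALL with an exclusion such as `!root`. The function names and the sample file are constructed for illustration, and the script assumes one rule per line and does not expand Runas_Alias definitions.

```python
import re

# Runas spec in a user specification, e.g. "alice ALL=(ALL, !root) /usr/bin/vi"
RUNAS = re.compile(r"=\s*\(([^)]*)\)")
# '#' starts a comment unless digits follow it (then it is a uid such as #0)
COMMENT = re.compile(r"#(?!\d).*")

def runas_users(line):
    """Return the Runas user list of one sudoers line, or [] if it has none."""
    m = RUNAS.search(COMMENT.sub("", line))
    if not m:
        return []
    users = m.group(1).split(":", 1)[0]   # drop the optional group list
    return [u.strip() for u in users.split(",") if u.strip()]

def audit(sudoers_text):
    """Return (line_number, rule) for rules that pair ALL with an exclusion."""
    findings = []
    for n, line in enumerate(sudoers_text.splitlines(), 1):
        users = runas_users(line)
        # "ALL except someone" is the configuration CVE-2019-14287 applies to
        if "ALL" in users and any(u.startswith("!") for u in users):
            findings.append((n, line.strip()))
    return findings

# Constructed sample sudoers content, not taken from a real host
SAMPLE = """\
# constructed sample
Defaults env_reset
alice  ALL=(ALL, !root) /usr/bin/vi
bob    ALL=(ALL, !#0 : ALL) NOPASSWD: /usr/bin/id
carol  ALL=(ALL) ALL
dave   ALL=(www-data) /usr/bin/systemctl reload nginx
# erin ALL=(ALL, !root) ALL
"""

if __name__ == "__main__":
    for n, rule in audit(SAMPLE):
        print(f"line {n}: {rule}")
```

A rule like carol's is not flagged because it already grants root, so there is no exclusion to bypass.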

I will also never understand why you would buy a smart refrigerator. What amazing feature could it possibly have that makes up for its software being horribly insecure and just waiting to be hacked? The Register has spotted one such device from Samsung in a shop, complete with embarrassing certificate errors.

Apparently, if you run the same Python script on different operating systems, it can produce varying results. Which is rather alarming if you are trying to do scientific experiments with it. “There’s actually a problem with the code, to the point that it depends on which computer you’re using.” It turns out that this is due to underlying system call implementations. The guys writing the original Python scripts should have protected them against this.

Despite lots of criticism and the threats of several governments who don’t want Facebook to create its own currency, the Libra project has moved to incorporate its government structure. Andreessen Horowitz, Coinbase, Lyft, Spotify, Uber and Vodafone – among others – are on board. Additionally, “1,500 entities have indicated interest in joining the Libra project effort, and approximately 180 entities have met the preliminary membership criteria”. Founding members PayPal, eBay, Visa and Mastercard jumped ship recently. The project is based in Switzerland.

The city of Brighton and Hove in the UK has blocked the building of 5G masts based on a petition citing health problems like “increased cancer risk, cellular stress, increase in harmful free radicals, genetic damages, structural and functional changes of the reproductive system, learning and memory deficits, neurological disorders and general negative wellbeing in general on humans” that 5G is supposedly causing. A shame that there seems to be absolutely no scientific basis for any of this. As The Register remarks: “The latest victory in the battleground against common sense”.

This is an archived issue of my daily newsletter FOXTROT/ALFA. You can find more information about it, including how to subscribe via email, on this page.