Monday, March 11, 2024

Hacking Software Developers

I recently heard about an interesting hack targeting software developers, especially those on Linux. It tricks a developer into installing malware on their own computer by way of a fake job interview and a code download from a public repository.

During an initial call, the fake company asks you to complete a software development exercise by downloading a project from GitHub. The project contains a ZIP file holding a seemingly benign, non-executable file named something like “readme․pdf”. The catch is that the dot in the filename isn't an ordinary period (U+002E) but a look-alike character such as U+2024 (ONE DOT LEADER). In other words, the OS doesn't see a file extension at all (no “.pdf” in this example), so nothing associates the file with a PDF viewer.

When the developer double-clicks the file, it executes. Typically, on Linux, a downloaded file isn't executable until the user sets the execute bit by hand (i.e. chmod +x readme․pdf). However, because this file was delivered inside a ZIP, that step is skipped: ZIP archives created on Unix store each entry's permission bits, including the execute bit, and unzip restores them on extraction. A password is also sometimes put on the ZIP so that even good antivirus software can't scan its contents.

This is a homograph attack using Unicode deception. Two red flags for this attack are a ZIP archive used to deliver a handful of small files, and a password on that ZIP.

Here are the details on the hack
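As an added example (not code from the original post or from the reporting it links to), the following Python audits a ZIP archive for the pattern described above before anything is extracted: a period look-alike in an entry name, no real extension as the OS sees it, and a Unix execute bit already stored in the archive. The sample archive is constructed inline with a stub payload; the look-alike character list and the function names (`audit_zip`, `reasons`, and so on) are my own, not something from the post.

```python
import io
import os
import stat
import unicodedata
import zipfile

# Code points that render like an ASCII full stop (U+002E). Constructed,
# non-exhaustive list; the Unicode confusables table has more.
DOT_LOOKALIKES = frozenset({
    "\u2024",  # ONE DOT LEADER (the one in the post)
    "\u2025",  # TWO DOT LEADER
    "\u00b7",  # MIDDLE DOT
    "\u0701",  # SYRIAC SUPRALINEAR FULL STOP
    "\u0702",  # SYRIAC SUBLINEAR FULL STOP
    "\ufe52",  # SMALL FULL STOP
    "\uff0e",  # FULLWIDTH FULL STOP
    "\u3002",  # IDEOGRAPHIC FULL STOP
})
EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
UNIX_CREATOR = 3  # "version made by" host code for Unix in the central directory


def unix_mode(info: zipfile.ZipInfo) -> int:
    """Permission bits a Unix zip tool stored in the top 16 bits of external_attr.
    Archives made on other systems use that field differently, so report 0 for them."""
    if info.create_system != UNIX_CREATOR:
        return 0
    return (info.external_attr >> 16) & 0o7777


def audit_entry(info: zipfile.ZipInfo) -> dict:
    """Collect the facts about one entry that the attack in the post relies on."""
    base = info.filename.rsplit("/", 1)[-1]
    lookalikes = sorted({unicodedata.name(ch, f"U+{ord(ch):04X}")
                         for ch in base if ch in DOT_LOOKALIKES})
    return {
        "name": info.filename,
        # The name as a person reads it, with every look-alike collapsed to a real period.
        "apparent_name": "".join("." if ch in DOT_LOOKALIKES else ch for ch in base),
        "dot_lookalikes": lookalikes,
        # What the OS sees: splitext only knows U+002E, so a fake dot yields "".
        "real_extension": os.path.splitext(base)[1],
        "executable": not info.is_dir() and bool(unix_mode(info) & EXEC_BITS),
        "encrypted": bool(info.flag_bits & 0x1),  # general-purpose bit 0 = encrypted entry
        "size": info.file_size,
    }


def reasons(report: dict) -> list[str]:
    """Human-readable red flags for one audited entry (empty list = nothing odd)."""
    out = []
    if report["dot_lookalikes"]:
        out.append("period look-alike in name: " + ", ".join(report["dot_lookalikes"]))
    if report["executable"] and report["dot_lookalikes"] and report["real_extension"] == "":
        out.append(f"executable disguised as {report['apparent_name']}")
    elif report["executable"]:
        out.append("entry unpacks with the execute bit already set")
    if report["encrypted"]:
        out.append("password-protected entry; scanners cannot read its contents")
    return out


def audit_zip(data: bytes) -> list[dict]:
    """Audit every entry using only the central directory. This also works on
    password-protected ZIPs: classic ZIP encryption scrambles file data, not the
    names, permission bits or flags that these checks look at."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [audit_entry(info) for info in zf.infolist()]


def build_sample_zip() -> bytes:
    """Constructed sample of the take-home 'project' described in the post.
    Not a real malware sample: the payload is a stub carrying only an ELF magic number."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        evil = zipfile.ZipInfo("project/readme\u2024pdf")   # U+2024, not '.'
        evil.create_system = UNIX_CREATOR
        evil.external_attr = 0o100755 << 16                  # -rwxr-xr-x, as zip on Linux stores it
        zf.writestr(evil, b"\x7fELF" + b"\x00" * 60)
        good = zipfile.ZipInfo("project/README.md")
        good.create_system = UNIX_CREATOR
        good.external_attr = 0o100644 << 16                  # -rw-r--r--
        zf.writestr(good, b"# Take-home exercise\n")
    return buf.getvalue()


if __name__ == "__main__":
    for report in audit_zip(build_sample_zip()):
        flags = reasons(report)
        print(f"{report['name']!r}: {'; '.join(flags) if flags else 'ok'}")
```

Because the audit reads only the central directory, it gives the same answer for a password-protected archive as for a plain one, which is exactly the case where antivirus can't see inside. On the command line, `zipinfo` (or `unzip -Z`) shows the same stored permission bits, but it prints the look-alike dot as a dot, so the Unicode check above is the part a quick visual inspection misses.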

Friday, February 9, 2024

Apple Vision Pro Demo

I tried out the Apple Vision Pro demo at my local Apple Store today.

BLUF: It's an impressively cool piece of wow. I'd equate it to a Tesla (separate the man from the machine). 

Today's 30-minute scripted demo highlighted most of its key features. When I put it on, it didn't feel like I was looking at a display... it seemed more like I was looking straight through the device at my surroundings. The 3D photos, movies, and the immersive experiences were phenomenal. I was impressed at how well the windows locked into place without moving in the slightest. However, I didn't get an opportunity to type anything or go off script. 

Apple Vision Pro demo area with eyeglasses Rx reader
At the end of the day, I can see where spatial computing is going. We're seeing tomorrow's ideas implemented using today's technology. This is Apple's worst version of any spatial computing device they'll design. Future versions will continue to improve, so I'm eager to see where this leads us. 

Tuesday, January 9, 2024

iPhone Announcement Anniversary

January 10, 2007

The first iPhone was announced 17 years ago today, approximately 41 minutes into Steve Jobs's Macworld keynote address. This is the reason Apple's marketing materials display 9:41 AM. 

At the time, I was working as a software engineer at the Apple Online Store. Like everyone else, I was surprised and amazed at the product announcement. 

The next day, I printed out a color image of the iPhone, glued it to corrugated cardboard, and sent photos of me holding it to friends joking that I had an actual iPhone and pointing out that the photo wasn't photoshopped. (The iPhone wouldn't ship until six months later.) My coworker and I even took photos of us holding the cardboard cutout in front of 1 Infinite Loop.

I wouldn't see an actual iPhone in the wild until sometime later when I was in a meeting and Tim Cook walked in, pulled it out of his pocket and flashed it at us while saying, "This is so cool." We were all champing at the bit to get our hands on one.

Thursday, January 4, 2024

A Love for Amazon

Amazon has cracked the code on keeping customers.

A coworker of mine worked at Amazon for four years. He told me that Jeff Bezos believed there was nothing more expensive than losing a customer. Hence returns are so easy with Amazon, even though Amazon may eat those costs in the short term. Last night was no exception.

AWS Hack

In 2014, my Amazon Web Services account was hacked. Ten days into the month, I noticed that my bill was already a thousand times larger than my typical bill. Amazon recognized the hack and gave me amnesty for the entire bill. 

Spreading the Profits

Amazon had its first profitable quarter in the fourth quarter of 2001, when it earned $5 million in profit on revenues of over $1 billion.¹ Bezos wanted to share this profit with customers.

Tech companies typically don't pay dividends to investors. Even today, Amazon doesn't pay a dividend. But sharing profits with customers is very unusual. In this case, the profit shared amounted to less than $1 per customer. As insignificant as that sounds, Bezos found a way to make it meaningful.

The price of a USPS First Class postage stamp was going up in 2002 from 34¢ to 37¢. Back then, "snail mail" was much more popular than today; not everyone had an e-mail account. Each postage price increase was a challenge before April 2007, when the post office introduced the Forever Stamp. Before the Forever Stamp, a person had to buy 1¢ stamps to make up the difference. This was a hassle, and many people, including myself, would simply put two 34¢ stamps on a letter instead of a 34¢ stamp plus three 1¢ stamps. It seems like a waste of money, but the personal time spent buying additional 1¢ stamps is worth something to each of us.

Bezos's solution was elegant. He recognized this inconvenience of needing to buy 1¢ stamps, so he had Amazon send a bunch of 1¢ stamps to their customers. I remember thinking how brilliant this was when I received them.

Last Night

Two days ago, I received my second shingles vaccine and a pneumonia vaccine. The second shingles shot is the same as the first one, which I received on its own without much discomfort. But yesterday I felt sick, and I feared Covid because, on New Year's Day, I had breakfast with someone who tested positive for Covid the next day, the same day I received my vaccines.

I took my temperature yesterday morning and it was fine: no fever. In the evening, when I took it again, my thermometer displayed a fever of 100.7°F. But the display was blinking, which meant the battery was too low for a reliable reading. I looked on Amazon for a replacement battery, but there was no practical option that would arrive in time, and I couldn't buy a single battery, so the rest of a pack would have gone to waste.

Instead, I ordered a new thermometer around 6 PM and paid an extra $3 so it would be delivered the next morning between 4 AM and 8 AM. However, to my surprise, Amazon delivered it about an hour later. I took my temperature with the new thermometer and all was well: no fever. 

It's unusual for Amazon to move up a delivery by a day. I'm speculating that they know that, if someone is paying extra for faster delivery of a medical item, it's urgently needed. So it seems they were able to expedite my delivery to give me peace of mind. I greatly appreciate that, and it pays to live very close to downtown San Diego.