Just a quick one as I got back from my holidays and got taken aback by a glitch in my XPS.

My right USB-C port stopped recognizing external devices yesterday: it would be able to charge my laptop through the regular charger but I couldn’t get it to recognize or charge neither my airpods or phone.

After digging a little bit around the Dell support forums I found someone having luck by just restarting the laptop (though letting it rest for a while).

So that’s exactly what I did — turned off the laptop, let it rest for a few hours (actually, overnight) and then turn it back on again… …and the problem was gone. Worth to notice that I also tried shutting it down for 1/2m and didn’t work out.

I do believe this is a firmware issue, and I noticed it kicked in by booting the laptop with a device connected to that port. Strange world!

I just got back from a week-long restorative holiday, where I found some time to go back digging into my Kindle library.

Based on Faraz’s suggestion, this time I picked up Working Backwards, a book that revolves around Amazon’s culture, its unique approach to solving organizational challenges and its pragmatic (albeit innovative) approaches to product development.

Little did I know this would be a great read, even though the style of the book is definitely unconventional.

Honestly, I have no words:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

$ fwupd.fwupdmgr refresh
WARNING: This package has not been validated, it may not work properly.
Updating lvfs
Downloading…             [***************************************]
Downloading…             [***************************************]
Successfully downloaded new metadata: 1 local device supported

$ fwupd.fwupdmgr get-updates
WARNING: This package has not been validated, it may not work properly.
Devices with no available firmware updates: 
 • Integrated Webcam HD
 • KBG40ZPZ1T02 NVMe KIOXIA 1024GB
 • UEFI Device Firmware
 • UEFI Device Firmware
 • UEFI dbx
XPS 13 9310 2-in-1
│
└─System Firmware:
  │   Device ID:          [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX]
  │   Current version:    1.1.1
  │   Minimum Version:    1.1.1
  │   Vendor:             Dell Inc. (DMI:Dell Inc.)
  │   GUIDs:              [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX]
  │                       [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX]
  │                       [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX]
  │   Device Flags:       • Internal device
  │                       • Updatable
  │                       • System requires external power source
  │                       • Supported on remote server
  │                       • Needs a reboot after installation
  │                       • Cryptographic hash verification is available
  │                       • Device is usable for the duration of the update
  │ 
  └─XPS 13 9310 2-in-1 System Update:
        New version:      2.2.1
        Remote ID:        lvfs
        Summary:          Firmware for the Dell XPS 13 9310 2-in-1
        License:          Proprietary
        Size:             26.7 MB
        Created:          2021-03-25
        Urgency:          Critical
        Vendor:           Dell Inc.
        Flags:            is-upgrade
        Description:      
        This stable release fixes the following issues:
        
        • Fixed the issue where there is no audio output from the external monitor when you close the lid after restarting the system.
        
        Some new functionality has also been added:
        
        • Updated the Intel Management Engine to enhance the Thunderbolt connectivity.
        • Updated the Embedded Controller Engine firmware to enhance the battery life.
        • Added secondary function key that is Fn+Left as Home and Fn+Right as End.

$ fwupd.fwupdmgr update
WARNING: This package has not been validated, it may not work properly.
Devices with no available firmware updates: 
 • Integrated Webcam HD
 • KBG40ZPZ1T02 NVMe KIOXIA 1024GB
 • UEFI Device Firmware
 • UEFI Device Firmware
 • UEFI dbx
Upgrade available for System Firmware from 1.1.1 to 2.2.1
XPS 13 9310 2-in-1 must remain plugged into a power source for the duration of the update to avoid damage. Continue with update? [Y|n]: 
Downloading…             [***************************************] Less than one minute remaining…
Decompressing…           [***************************************]
Authenticating…          [***************************************]
Authenticating…          [***************************************]
Updating System Firmware…[***************************************]
Scheduling…              [***************************************]
Successfully installed firmware

An update requires a reboot to complete. Restart now? [y|N]: 

Over the past few months my 2.5yo Dell XPS 13 has started showing signs of age, and I had to worry both about my keyboard as well as the battery.

I haven’t really managed to replace the keyboard yet (I’m too scared of doing it on my own, so I’ll wait to go back to the office and ask the IT folks to do it for me), though I managed to replace the battery (got it from Noon) since my old one was at <40% capacity.

A factor that contributed to the battery’s demise was definitely the fact that, through a recent kernel update, the laptop started shutting down in s2idle sleep mode, which is short for “no bueno” — it basically means that the system will use a pure software implementation of energy savings.

Over the past couple of years I’ve grown my interest in image and data compression — it’s a very interesting field, with a lot of interesting solutions to important and lucrative problems (think Dropbox).

Over the past few days I was running some experiments and bumped into an interesting concept: pairing positive integers into a “unique” number, with the ability to reverse the operation.

Now, in the context of compression, pairing would only be useful when the resulting integer can be consistently represented with less bits than the original ones, and that’s where I’m still stuck at (more on this on a later post), but I still wanted to share a couple interesting approaches I’ve bumped into.

Remember me? At the end of last decade I shared a post on a simple way to run a Kubernetes cluster for local development.

Today I’d like to show the other side of the medal — running your CI environment on Kubernetes (through Github Actions).

It’s simple, mimics your production environment and it’s automated — let’s get to it!

Short post for the day to address an hopefully even shorter-lived situation we’re all in.

This decade’s about to wrap up, so I decided to spend some time describing my development workflow as the year nears its end.

What I find interesting in my setup is that it entertains working on a local k8s cluster — mainly to keep in touch with the systems that run in production.

Running k8s locally isn’t what you’d want to do to begin with, but rather a natural path once you start wanting to replicate the environment that runs your live applications. Again, you don’t need a local k8s cluster just ‘cause, so make sure you have a good reason before going through the rest of this article.

I’m pleased to announce (even though you might have already heard about this on my Twitter stream) that the ebook on web application security I’ve been working on over the past year is now officially available for sale, at the hopefully-reasonable price of $6.99 $9.99.

You can now buy the book at leanpub.com/wasec, while Kindle enthusiasts will have to wait a few more days for it to become available there: it is currently available for pre-order and should be generally available in the next few days.

WASEC is the culmination of over a year of thoughts regarding my experience with web application security from the point of view of a software engineer, rather than the one of a security researcher. I believe software engineers might find it extremely interesting as it approaches defensive security from the point of view of someone who has to build an app and needs to keep security into consideration among other things.

This post is part of the ”WASEC: Web Application SECurity” series, which is a portion of the content of WASEC, an e-book on web application security I’ve written.

Here is a list of all the articles in this series:

1. Web security demystified: WASEC
2. Introduction
3. Understanding the browser
4. Security at the HTTP level
5. HTTP headers to secure your application
6. Hardening HTTP cookies
7. Situationals



If you’ve enjoyed the content of this article, consider buying the complete ebook on either the Kindle store or Leanpub.

Often times, we’re challenged with decisions that have a direct impact on the security of our applications, and the consequences of those decisions could potentially be disastrous. This article aims to present a few scenarios you might be faced with, and offer advice on how to handle each and every single of them.

This is by no means an exhaustive list of security considerations you will have to make in your day to day as a software engineer, but rather an inspiration to keep security at the centre of your attention by offering a few examples.