What is it about the Australian government and technology?

So this government Covid 19 tracking app is an interesting idea – they even said that they would release the source code… all very good, I’m thinking I may even install the thing… but then today I read this!

https://www.innovationaus.com/sovereign-capability-and-that-shocking-aws-deal/

To sum up, it’s yet another government SNAFU…
From the article…

“You really have to wonder what kind of crisis would be needed for the Australian Government to use Australian technology providers for jobs that are well within their capability.”

Update 18 May 2020
Some interesting reading here. The app itself seems reasonable, but without the back end code, questions still remain.
https://www.qte.am/reading-room

Update 14 May 2020
https://www.theage.com.au/politics/federal/security-report-reveals-some-covidsafe-information-could-go-overseas-20200514-p54t2o.html

https://www.theguardian.com/law/2020/may/14/questions-remain-over-whether-data-collected-by-covidsafe-app-could-be-accessed-by-us-law-enforcement

Update May 24
https://www.theguardian.com/world/2020/may/24/how-did-the-covidsafe-app-go-from-being-vital-to-almost-irrelevant

Terminal escape injection techniques

It’s interesting in that shell scripts (small ones) seem just like friendly bits of code that you can run. That’s not always the case; it’s probably never a good idea to just download a script and run it (esp. using curl or wget). I discovered this very interesting article the other day about terminal escape injection, and it works on pretty much every platform – Mac, Windows, Linux and even within Python!

When in doubt, use cat -v. In fact, cat -v may be my new default for viewing code!

https://www.infosecmatter.com/terminal-escape-injection/
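
As an added example (not from the linked article or this post's original text), here is a small shell check built on the cat -v advice above: it counts control bytes in a downloaded script and shows the offending lines in cat -v notation. The function names and the two sample files are constructed for illustration, and grep -a is assumed to be available (GNU and BSD grep have it).

```shell
#!/bin/sh
# Added example: check a downloaded script for control bytes before
# viewing or running it. Names and sample files are constructed.
CTRL='\001-\010\013-\037\177'   # C0 controls and DEL, minus tab and newline

# Number of control bytes in file $1 (ESC, CR, backspace, ...).
count_control_bytes() {
    LC_ALL=C tr -cd "$CTRL" < "$1" | wc -c | tr -d ' '
}

# Offending lines of $1 with line numbers, rendered as cat -v would (ESC -> ^[).
show_control_lines() {
    LC_ALL=C grep -an "$(printf "[$CTRL]")" "$1" | cat -v
}

# Return 0 if $1 is free of control bytes, 1 (with a report) otherwise.
check_script() {
    n=$(count_control_bytes "$1")
    [ "$n" -eq 0 ] && return 0
    echo "$1: $n control byte(s), inspect with cat -v before running:"
    show_control_lines "$1"
    return 1
}

# Constructed sample files: one plain, one carrying an escape sequence and a
# carriage return that a terminal would interpret instead of displaying.
demo_dir=$(mktemp -d)
printf 'echo "hello"\n' > "$demo_dir/clean.sh"
printf 'echo "constructed extra line"\033[2K\recho "hello"\n' > "$demo_dir/suspect.sh"

for f in "$demo_dir/clean.sh" "$demo_dir/suspect.sh"; do
    if check_script "$f"; then echo "$f: no control bytes"; fi
done
```

The check only looks at ASCII control bytes, so a clean result means the terminal will show the file as written, not that the script is safe to run.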