
2016 topic dump continued (3/3)

posted Dec 30, 2016, 6:48 AM by Sami Lehtinen   [ updated Dec 30, 2016, 6:48 AM ]
  • Cloudflare HTTP/2 demo - and under the hood technology description.
  • Using Google's Physical Web URL Eddystone beacons (Bluetooth Low Energy, BLE) to spread geographically targeted malware?
  • Had some issues with Peewee ORM doing data aggregation, but unfortunately I no longer remember the exact issues.
  • Login forms over HTTPS - That's obvious. Nothing new there.
  • Important URLs for all Google users - Quick links to manage your privacy, security and history settings.
  • Europol Public Awareness and Crime Prevention Guides
  • Watched a great documentary series about cyber fraud and crime.
  • Let's Encrypt leaked email addresses. - It's funny how services which are security oriented can leak user data. So what would you expect from 'normal' non-security oriented sites?
  • Watched a long documentary / lesson series about deep learning. Very easy or hard, depending on the level you're diving into.
  • NIST Special Publication 800-63B Digital Authentication Guideline - Well, as said. SMS is an insecure way of authenticating people.
  • Studied some Skein and Threefish related source code and Tweakable Authenticated Encryption (TAE) mode.
  • It's so easy to be blind to your own mistakes, especially if quickly iterating between different versions. Some of the documentation had painful inconsistencies, which most likely are caused by the developer changing his/her mind on something and only partially updating the documentation / source comments. Ugh! Yet, I'm personally guilty of the same failures quite often.
  • Another thing is hastily written text with blatant typos / spelling errors. Ouch, that hurts. It's just like my blog. I'm just dumping stuff, not writing a book.
  • HTTP/2 might be vulnerable to Slow Read, HPACK Bomb, Dependency Cycle Attack and Stream Multiplexing Abuse, unless the server application is hardened against these attacks.
  • Quickly played with Redmine. But I don't think I've got enough time to try all the project management tools out there properly.
  • Mobile Privacy & Security: It's only safe to assume that nothing you do on an Android phone would actually be private.
  • Schneier IoT Security - Nothing but the truth. Security will suck, and it will suck even more!
  • IoT privacy. It will be interesting to find out how much data all the IoT devices will be storing, who's going to get access to that data, based on what, etc. But this is such a hot topic that it's certainly guaranteed we will find out sooner or later.
  • DBaaS is becoming more and more popular. Yet it's not nearly suitable for all use cases. One of the major issues is latency. This means that there are many applications where DBaaS can't be used, because the Application Server and the database need to run multiple queries and do processing, and then deliver the final data to the client. I've seen "chatty apps" which start to get slow or extremely slow as soon as the database latency gets above 1 ms. Of course this is nothing new. If it's possible to get something simple, like a whole document based on a key, then it's great. Yet any REST API would do that, instead of using DB protocols.
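As an added illustration of the "chatty app" point above (example code written for this post, not from the original, using an in-memory SQLite database with a constructed orders/items schema): the chatty version issues one query per order (the classic N+1 pattern), the batched version fetches the same report with a single JOIN, and a thin wrapper counts the round trips so the cost of a given per-query latency can be estimated. The `CountingConnection` wrapper and the latency figures are assumptions for the demo; the estimate ignores query execution time and only models the network round trip, which is the part DBaaS adds.

```python
import sqlite3


class CountingConnection:
    """Thin wrapper around a sqlite3 connection that counts every statement
    sent to the database, treating each statement as one network round trip."""

    def __init__(self, conn):
        self._conn = conn
        self.round_trips = 0

    def execute(self, sql, params=()):
        self.round_trips += 1
        return self._conn.execute(sql, params)


def build_db(n_orders=100, items_per_order=3):
    """Constructed sample data: n_orders orders, each with a few line items."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE orders(id INTEGER PRIMARY KEY, customer TEXT NOT NULL);
        CREATE TABLE items(id INTEGER PRIMARY KEY, order_id INTEGER NOT NULL,
                           sku TEXT NOT NULL, qty INTEGER NOT NULL);
        CREATE INDEX items_order_idx ON items(order_id);
    """)
    conn.executemany("INSERT INTO orders(id, customer) VALUES (?, ?)",
                     [(i, f"customer{i}") for i in range(1, n_orders + 1)])
    conn.executemany("INSERT INTO items(order_id, sku, qty) VALUES (?, ?, ?)",
                     [(i, f"sku{j}", j)
                      for i in range(1, n_orders + 1)
                      for j in range(1, items_per_order + 1)])
    conn.commit()
    return conn


def chatty_order_report(db):
    """N+1 pattern: one query for the orders, then one query per order."""
    rows = []
    for order_id, customer in db.execute(
            "SELECT id, customer FROM orders ORDER BY id").fetchall():
        items = db.execute(
            "SELECT sku, qty FROM items WHERE order_id = ?", (order_id,)).fetchall()
        rows.append((customer, len(items), sum(qty for _, qty in items)))
    return rows


def batched_order_report(db):
    """Same report in a single round trip: let the database do the aggregation."""
    return db.execute("""
        SELECT o.customer, COUNT(i.id), COALESCE(SUM(i.qty), 0)
        FROM orders o LEFT JOIN items i ON i.order_id = o.id
        GROUP BY o.id ORDER BY o.id
    """).fetchall()


def measure(report_fn, latency_ms, n_orders=100):
    """Run a report against fresh sample data and return
    (rows, round_trips, estimated_latency_cost_ms)."""
    db = CountingConnection(build_db(n_orders))
    rows = report_fn(db)
    return rows, db.round_trips, db.round_trips * latency_ms


if __name__ == "__main__":
    # Assumed latencies: ~0.1 ms for a database on the same host,
    # ~1 ms and up once the database lives in someone else's cloud.
    for latency in (0.1, 1.0, 5.0):
        _, chatty_trips, chatty_cost = measure(chatty_order_report, latency)
        _, batched_trips, batched_cost = measure(batched_order_report, latency)
        print(f"latency {latency:>4} ms: chatty {chatty_trips:>3} round trips "
              f"~{chatty_cost:>6.1f} ms, batched {batched_trips} round trip "
              f"~{batched_cost:>4.1f} ms")
```

With 100 orders the chatty report costs 101 round trips, so at 1 ms per trip it spends about 100 ms just waiting on the network while the batched version spends 1 ms, and the gap grows linearly with the number of rows and the latency. Both versions return identical rows, which is the point: the slowdown comes from how the work is split between the application server and the database, not from the data itself.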
  • Absolutely awesome article about Data Projects failing. Been there, done that.
  • Quickly checked SAS language - Yet I don't see any personal use for it. Skipping.
  • I don't understand Python AsyncIO. Neat. Could we make this bit more complex plz? One of the things I love about Python is that it's quite simple and straightforward. This doesn't look anything like it.
  • Found out a few interesting ways to generate indirect spam for marketing purposes. Hah, it can be trivially and fully automated. But because it works well, can't tell more about it here.