
AMP, asyncpg, Python Secrets, WA 2FA, LAN protocols, LinkedIn, Crypto, PostgreSQL, Ubuntu 17.10

posted Oct 20, 2017, 8:09 AM by Sami Lehtinen   [ updated Oct 20, 2017, 8:11 AM ]
  • Several articles about AMP. Well, AMP is slower than a fast website with a CDN. So why would anyone use AMP? I personally don't like it too much. I believe in lightweight bleep free websites.
  • Played a little with asyncpg. That's fast. I'll use it if and when required with suitable setup / configuration / use case.
  • Tested and played with Python 3.6.0 secrets module.
  • Am I the only one who finds the constant WhatsApp two-factor authentication (2FA) reminders extremely annoying? Of course I've got the 2FA key stored safely. It doesn't mean that I would need to remember it.
  • Reminded myself about a few things before a local area network (LAN) management meeting:
    MSRPC, mDNS, WMI, IPC, SMB, and a neat tutorial about calling RPC functions over SMB.
  • Whoa, LinkedIn SMS 2FA is working again. It was broken, and they claimed it was my fault. It took them a week to admit and fix the issue, but now it's working again. I'm not happy about the initial response. But on average, the end result is better than usual. Most helpdesks just feed you FAQ lies and don't even bother to look at the problem. Getting the problem actually fixed is quite rare. I'm still asking LinkedIn to add backup codes to 2FA, and to allow TOTP as an alternative 2FA method.
  • Person being held in prison for not divulging the password? You'll just need to XOR these together: random: ea74f9e9db9c514f, data?: 8c019a82fbe53e3a. Got my point? Random can be anything. As well as data can be anything. So it's possible to produce whatever 'evidence' is required. Often when talking about encryption, the random is a pseudo-random stream derived using some algorithm and then used with a cipher. But it might or might not be that way. Everything is possible. Mixing bits around is trivial, doing it in a secure way is harder. In some cases there's no password. The data can be on one device and the 'random' can be on another device. Also the random or the data part can be encrypted. - This is actually where 'standard encryption' is bad. Because it makes it pretty easy to know if it's cracked or not. Everyone also says that using standard crypto is a good idea, and doing something non-standard is a bad idea. But it's not always that simple. When using non-standard crypto, it makes many things very much harder. And at least the attacker needs to use valuable resources like crypto experts to try to decrypt the data. That's why sometimes bad crypto might actually be better than high-end standard crypto.
  • Is PostgreSQL good enough? - I believe that the answer is usually yes. I'm also often thinking that SQLite3 is good enough for most cases. Of course it's possible to mix dozens of technologies and then spend months or years having issues with those, as well as complicating setup, configuration, installation, version management, etc., all with excess complexity. When you could just use a simpler approach. Some projects are large and require different technologies. But for many projects, using a mess of technologies is a guaranteed way to hinder development. You'll end up tinkering with different cool tech toys, instead of getting the job done which pays the bills. We're making products / services to solve customer problems. Not to do academic research on different ways to accomplish the same thing, using other neat technologies. - It's easy to forget how much research and study is required to make any new tool actually usable in production and so that everyone understands how it works. - Because it's often a real challenge to get that done even with one technology. - Afaik, it's a newbie mistake to try to mix every possible design, paradigm, library, framework, something cool, and new, in a single project. - That's why you should have separate study projects and learning time, when you can play with those. And not try to push all that stuff into production projects.
  • Ubuntu 17.10 release notes - GNOME, Kubernetes, Linux, Visual Studio, Snapcraft.io - Snaps with delta updates, Robot Operating System (ROS), OPAL storage - Quite a nice list.
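
An added example for the XOR item above (not code from the original post): for the 8-byte "data?" value, a pad can be derived that makes it decode to any chosen 8-byte text, whereas a format carrying an authentication tag lets a candidate key be confirmed or rejected. The sample plaintexts and the toy `seal` format are constructed for illustration and stand in for a standard authenticated cipher.

```python
import hashlib
import hmac
import secrets

# The two 8-byte values printed in the post.
DATA = bytes.fromhex("8c019a82fbe53e3a")
POST_RANDOM = bytes.fromhex("ea74f9e9db9c514f")


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("pad and data must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def pad_for(data: bytes, wanted: bytes) -> bytes:
    """Return the pad that makes `data` decode to `wanted`."""
    return xor(data, wanted)


def seal(key: bytes, plaintext: bytes) -> tuple[bytes, bytes]:
    """Toy tagged format (illustration only, plaintext up to 32 bytes)."""
    stream = hashlib.sha256(key + b"stream").digest()[: len(plaintext)]
    body = xor(plaintext, stream)
    return body, hmac.new(key, body, hashlib.sha256).digest()


def key_is_correct(key: bytes, body: bytes, tag: bytes) -> bool:
    """The tag lets anyone holding a candidate key confirm or reject it."""
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    # Constructed 8-byte plaintexts: the same blob "decodes" to either one.
    pads = {p: pad_for(DATA, p) for p in (b"grocery!", b"meet@9pm")}
    key = secrets.token_bytes(16)
    body, tag = seal(key, b"grocery!")
    return {
        "decoded": {p: xor(DATA, pad) for p, pad in pads.items()},
        # The post's own pad is just one of 2**64 equally valid pads.
        "post_pad_roundtrip": pad_for(DATA, xor(DATA, POST_RANDOM)) == POST_RANDOM,
        "right_key": key_is_correct(key, body, tag),
        "wrong_key": key_is_correct(secrets.token_bytes(16), body, tag),
    }


if __name__ == "__main__":
    print(demo())
```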