AuthApp, Bad Business, Network latency, Routing, Shadowhammer, Hybrid CoE

  • Finland is planning a national authentication application (in Finnish). Wow, that's surprising news. We already have smart cards with HSM keys, but (almost) nobody uses those. I'm just wondering if the app option is going to be secure. That remains to be seen. I'm also really wondering how slowly they're waking up to this. They're also suggesting using USB HSM modules for personal identity.
  • Decided to quickly try the Tier e-scooter rental service. And once again. Amazing, their app is so full of s-hit! Usability is literally zero. Can't even register an account, it simply fails, without any indication of what's wrong. I can't stop loving these tech duudz. We make so awesome bs apps, that these are totally unusable. Great work guys! Someday you might need old school guys, who actually understand what working software means, instead of making glitter bs, which got zero value and riding on VC money. Ok, honestly it doesn't matter if it's brain dead VCs spewing endless money on crappy bs service, or if it actually comes from paying customers but still. LOL! Unfortunately this seems to be a very common trend in many companies. Sometimes, I think the North Korean administration is doing their work better. - Confirmed, I tried 4 times registering an account and it failed. Absolute garbage. This also reminds me about error handling. If something is wrong, just reset the form and let the user retry. Do not tell what's wrong. - I tried several weeks later, and it's still just as bad as it was earlier, even after a few updates. - No comments.
  • Honestly, I really don't get it. Why are companies doing some things so extremely badly? You could easily think that their only intention is to troll their customers. What's the point of that? - Comes back to the basic question, is their target to maximize customer frustration and sabotage their own business, or are they really that stupid and incompetent? At first it might sound harsh, but to be honest, if I ask my friends, all of them have had lots of similar experiences. It's not only apps, it's also furniture, home appliances, basically whatever services, products, goods and so on. Or maybe they're looking for visibility by creating hate via bad experience? Yet for that they could hire some media specialist who could easily create a controversial ad campaign which enrages everyone. That would also work well, from an attention point of view.
  • That network routing issue which I mentioned doesn't sound bad. But what if you were running critical systems in the cloud, and you suddenly noticed that the system is operating 16x slower than it's supposed to? That might be a catastrophic issue. Especially if that latency pops up between application servers and a database server, or something similar which often requires several round trips. This just confirms the point that using "a cloud database" might be a very bad idea. Also, that routing could be worse than Helsinki - Sweden. In the good old days it was very common that Helsinki - Helsinki routes suddenly started to be routed via New York, adding ~100ms of extra latency. Have you tried how your microservice solution performs, if you add that kind of latency between a few modules? Could be interesting.
  • ShadowHammer - Surprised that the update channel contained malware? No, not really. That's a very nice way of delivering malware to a large number of systems and can be targeted quite nicely, if the target systems are known to the attackers. - I've also warned about that possibility several times. - Especially, if the updates are downloaded over http and without signatures. Then it's trivial to change the deployed version very specifically on the fly, if required.
  • Hybrid CoE - Quite an interesting organization. There's Finnish legislation which basically makes it above the law. It as an organization and its employees can't be investigated, prosecuted nor convicted. Unless the organization specifically gives up this immunity. The only written exception is road traffic, where normal law applies. So in this case if there's a car accident or something, the driver can't claim legal immunity. Hybrid CoE @ Wikipedia
  • Something not so different? Read a lot about the development of electronic warfare, stealth fighters, decoys and strategies being used. Weekend fun.

2020-06-07