Blog‎ > ‎

BuddyCloud, Satellite Internet, Opportunity Cost, Evil Hackers, Anonymous Email, Network Traffic Snooping, etc.

posted Dec 2, 2012, 9:01 AM by Sami Lehtinen   [ updated Jan 18, 2015, 11:17 AM ]
  • Whole .42 DNS system seems to be down, without prior notice as well as their 42registry.org site.
  • I really like di.fmsoma.fm and grooveshark.com but for different reasons. Grooveshark is great if you want to decide what you play. But often when working, you don't want music player to distract you by requiring feedback. Therefore I often prefer to play background music from Digitally Imported and Soma, but if I know exactly what I want to hear, then I prefer Grooveshark.
  • It seems that people who think that web was wonderful invention do not remember Gopher, web actually wasn't so big invention when we think what kind of services we got before it. Btw. I still use this browser from command-line: "Lynx/2.8.8dev.9 libwww-FM/2.14 SSL-MM/1.4.1 GNUTLS/2.10.5", how cool is that?
  • Reminded my self from Sybil attacks and how distributed networks should be protected from those. This was hot topic when I was actively studying DHT networks.
  • Checked out and tried BuddyCloud and it's wiki. They claim it's secure and distributed, based on what I saw, I would say it's mostly distributed, but it's not even nearly secure on terms I would call secure. It doesn't use any advanced authentication schemes. As usual, they value features over security, which usually leads to insecure design and typically even worse implementation.
  • Quickly glanced OpenShift PaaS by Red Hat
  • Mobile payment / loayality systems Seamless as well as AirTag. It's interesting to see if any of these can get worldwide dominance or if something like Google Wallet is going to dominate the market. I personally hate installing multiple apps, so using one app for everything, would be just great.
  • Syrian network outages made me to remind my self about alternate methods of getting Internet connection. Naturally I'm very happy with my FTTH fiber connection, but what if it's disconnected on operator level? Using devices like Iridum Axcesspoint you don't need national network. Another method is contacting radio amateur friends. I'm absolutely sure that guys can restore global communication. Well yeah, with naturally super restricted bandwidth, nobody's going seed torrents. But if message is important enough, ways are found and it will get delivered. Btw. I have also done some RC hobby years ago, making a small UAV and using cell phone with custom software as it's navigation and control system wouldn't be impossible either if situation persists. You can easily load small plane with few high capacity USB-stick(s) and then you'll get pretty good bandwidth. For extended range, even light solar powered UAV plane would be one working option. Yes, it would take work, but it's absolutely doable. So payload could be delivered to a distance of a few hundred kilometers easily during a day. Light balsa / film based plane flying on low altitude would be practically a stealth plane. Solar powered plane is also so quite that it would require good position to spot it. Thuraya IP / Thuraya DSL as well as Inmarsat Broadband services are available in Finland.
  • I received super interesting offer and opportunity to utilize my skills with interesting issues in a great team. This really got me thinking about opportunity cost and problems created by prior long term commitments. Well, long term commitments make life usually safer (as more stabile), but those can really badly hinder your progress at some critical points. If you're not tied to anything, you can take all new opportunities, even if it would require moving to another country etc. New task would have been slightly outside my comfort zone, but the challenges that it providers would have been way positive. It would have required me to very thoroughly study one topic area, which I already have covered in this blog several times and I'm quite familiar with, but not an real expert with production level experience. There are also other factors which also affect these key decidions, but maybe in future I'll be able (hopefully) to get opportunities like this for mutual benefit.
  • Spider Oak business ruined by mafia style hacker attacks? - To be honest, I'm sure that the attackers didn't want to completely ruin him / business. - Why? Because they could have made it much much worse. With that level of access to systems, it would have been very easy to... Modify software update system to gain access to all customer computers. As well as gather and abuse customer credit card information. They could have been able to do anything they want to customers cards, systems and data. If they're not looking for profit, they could just have simply wiped out all customer systems. For more profit it would have been easy to encrypt all data on disks using strong public key and ask for ransom. With that user base (million users) they would probably made a ton of cash. Criminals on that level would not probably have had any problem homing that money. This also makes it very clear that the hackers weren't doing it for money. What about leaking all documents from the attorneys office? I'm sure it might have been a huge nightmare for many people. What they did at Spder Oak was also incredible fail, they should have immediately replacing all systems with new and highly hardened versions. Letting situation persist like they did, was super unacceptable! Good comments at Hacker News. As I have said earlier, automatic updates can also be a huge security risk!
  • Eff: anonymous email guide. - Nothing new anyway, but worth of reading, if you don't know these things alredy.
  • Also checked out future technologies: CSS Custom Filters, Autocomplete API, Google Chrome Apps, ECMAScript 6 (ES6), Web Components.
  • Some historical stuff, I just laughed so much when people got upset by FireSheep and other network snooping. It's nothing new! It was back in 1995 when I was testing new HP network monitoring station when I just started to setup monitoring rules to snoop traffic in IT department. It didn't take long before I had tapped a few TCP connections which were made by financial department to bank. Yes, back then traffic wasn't encrypted as it unfortunately of isn't even today! So, it was easy to monitor what bank balance is, who's getting how much money, etc. It would have been also trivial to hijack the TCP connection. So, if it was trivial for me in 1995 to monitor banking traffic, who would have expected it to be non-trivial after that at any point? It was clear to everyone back then that all traffic which is not public should be encrypted, and same rule remains valid even today. Btw, it was really nice workstation with X, lots of memory and hard drive space, for full packet captures. It also made network traffic maps, directly extracted all TCP / HTTP sessions in realtime on screen etc. Yes, it was very expensive network monitoring tool back then, but it was what experts use everywhere. Facebook only got this in 2012, it just took them quite a while to encrypt traffic.
  • A very nice post about catching software crashes and how hardware can affect the situation even if program itself isn't malfuctioning. This is something which should be read (or at least be known) by every developer.
  • DRM is expensive, complex and hard to make / crack? Or maybe it's just ridiculous, check this out: Leaping Brain DRM! Btw, if you're reading this post, you must have cracked my unbreakable double ROT13 encryption. My lawyers will contact you. ;)
  • Sometimes reporting bugs can be really frustrating. I tried one day to report issue between Deluge Torrent Client and one unnamed Torrent tracker. Result was that Deluge team was claming that their program does work perfectly and there aren't any issues, contact the tracker owner. Well, I did that too, they told that you're using ****** client and you should use another client. Then I provided torrent file to Deluge team which they could have used to verify the issue, they didn't want to do that. I asked if the tracker owner would like to try Deluge and he didn't either. Oh crap, I had wasted about four hours with this mess. It was clear that there was problem with Deluge because I tried it with two more trackers with same software and using Windows & Linux versions and different files and network providers. I really confirmed that Deluge and that tracker software simply didn't work together. But nobody was interested about that or wanted to fix it. What we can learn from this? When ever you'll find software error or issue, just say, this program is **** and I'll use another program or service in future. That's the easiest way, trust me. This also isn't first time when I encounter similar attidude from developers. Any other torrent client and any other torrent tracker software did work as expected, using either of network connections that I had available at that time.
  • Nice documentation about Python's magic methods. Absolutely recommended reading, if you're Python newbie.
  • You have been warned, putting everything in hands of one large cloud service provider might be a real trap! - Google Apps assassinated my domain! Even if this site is hosted by Google, I naturally take weekly off-site backups.
  • Added Innovators Solution by Clayton M. Christensen to Kindle.