CloudFlare, IoT, Eddystone, Bitmessage, MegaNet, UP2PP, Attachments, Passwords, OAuth

posted Dec 16, 2015, 8:50 AM by Sami Lehtinen   [ updated Dec 16, 2015, 8:51 AM ]
  • Made a script which prunes files selectively and automatically from CloudFlare's cache when new versions are pushed to the server, using CloudFlare's API. The same logic could also be used for files that are updated quite infrequently but requested often.
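The selective purge described above, as an added example written for this post rather than the blog's own script. It records a digest of every file in the deployed tree, purges only the URLs whose content changed (or that disappeared) and writes the manifest back only after every purge call succeeded, so a failed run retries the same files instead of leaving stale copies in the edge cache. Assumptions: the v4 endpoint `POST /zones/{zone_id}/purge_cache` with a JSON body `{"files": [...]}` and the `X-Auth-Email` / `X-Auth-Key` headers; a cap of 30 URLs per call (check the current documentation); the manifest file name `.cf_purge_manifest.json` and the `CF_API_EMAIL` / `CF_API_KEY` environment variables are hypothetical names chosen here. Credentials are read from the environment so the script itself carries no secrets.

```python
"""Selective CloudFlare cache purge after a deploy (added example)."""
import hashlib
import json
import os
import urllib.request
from pathlib import Path

CF_API = "https://api.cloudflare.com/client/v4"
MANIFEST_NAME = ".cf_purge_manifest.json"   # hypothetical: digests from the previous deploy
URLS_PER_CALL = 30                           # assumed per-request cap of the purge API


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large assets never sit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def load_manifest(docroot: Path) -> dict:
    """Relative path -> digest recorded by the previous run (empty on the first run)."""
    p = docroot / MANIFEST_NAME
    return json.loads(p.read_text()) if p.exists() else {}


def save_manifest(docroot: Path, manifest: dict) -> None:
    (docroot / MANIFEST_NAME).write_text(json.dumps(manifest, sort_keys=True))


def changed_files(docroot: Path, old: dict) -> tuple:
    """Compare the tree under docroot with the previous manifest.

    Returns (sorted relative paths that are new, changed or removed, new manifest).
    Removed files are included so their cached copy is dropped as well.
    """
    new = {}
    for path in sorted(docroot.rglob("*")):
        if path.is_file() and path.name != MANIFEST_NAME:
            new[path.relative_to(docroot).as_posix()] = file_digest(path)
    changed = [rel for rel, dig in new.items() if old.get(rel) != dig]
    removed = [rel for rel in old if rel not in new]
    return sorted(changed + removed), new


def purge_batches(base_url: str, rel_paths: list) -> list:
    """Absolute URLs, split into batches no larger than the assumed API cap."""
    urls = [base_url.rstrip("/") + "/" + rel for rel in rel_paths]
    return [urls[i:i + URLS_PER_CALL] for i in range(0, len(urls), URLS_PER_CALL)]


def build_purge_request(zone_id: str, urls: list, email: str, api_key: str) -> urllib.request.Request:
    """One purge_cache call; credentials are passed in, never hard-coded."""
    body = json.dumps({"files": urls}).encode()
    return urllib.request.Request(
        f"{CF_API}/zones/{zone_id}/purge_cache",
        data=body,
        method="POST",
        headers={
            "Content-Type": "application/json",
            "X-Auth-Email": email,
            "X-Auth-Key": api_key,
        },
    )


def run(docroot: Path, base_url: str, zone_id: str, opener=urllib.request.urlopen) -> list:
    """Detect changed files, purge them in batches, then record the new manifest.

    `opener` is injectable so the flow can be exercised without network access.
    """
    email = os.environ["CF_API_EMAIL"]      # hypothetical variable names
    api_key = os.environ["CF_API_KEY"]
    changed, manifest = changed_files(docroot, load_manifest(docroot))
    for batch in purge_batches(base_url, changed):
        with opener(build_purge_request(zone_id, batch, email, api_key)) as resp:
            result = json.loads(resp.read())
            if not result.get("success"):
                raise RuntimeError(f"purge failed: {result.get('errors')}")
    save_manifest(docroot, manifest)      # only reached when every batch succeeded
    return changed


if __name__ == "__main__":
    import sys
    # usage: python purge.py /var/www/site https://example.test ZONE_ID
    print(run(Path(sys.argv[1]), sys.argv[2], sys.argv[3]))
```

Hashing the content rather than trusting modification times means a redeploy that rewrites unchanged files does not flush the whole cache, which keeps the origin from taking a request spike right after every push.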
  • Internet of Targets (IoT) is going to be a huge security disaster. Not only are intelligence agencies able to snoop on you; because of all the crappy software out there (there's no denying it), basically any competent hacker or cracker can snoop on you too. That's going to be great, awesome or an absolute nightmare, depending on which side you're on.
  • Ordered a few different Bluetooth beacon devices; now it seems there are finally reasonably priced Eddystone beacons out there. The prices were really ridiculous when I checked last time, about half a year ago. Now you can get them for under 10 EUR/USD shipped directly to your home. Last time I checked, prices were almost 10x, i.e. 1000% more than that.
  • MegaNet - just so much blah blah blah and very few facts. I just love this kind of hype. There's nothing new about it, and all the references to Bitcoin and the blockchain sound silly. Actually the blockchain is exactly the problem with Bitcoin, because it makes it inherently non-scalable and in a way 'centralized', since there is one shared state. It's bad, not good, and it's nothing new. The same issues also affect Bitmessage, which uses flood casting. Flooding is very bad for scalability, and it also makes the network very vulnerable to performance-degrading flooding attacks, which I've proven earlier.
  • Wrote a script which fetches statistics data from CloudFlare daily and stores it in a database for charting and analytics purposes.
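A daily statistics snapshot of the kind described above, as an added example and not the blog's own script. Each run upserts one row keyed by date into SQLite, so re-running the job for the same day corrects the row instead of duplicating it, and the full JSON is kept beside the modelled columns so later charts can use fields that were not extracted yet. Assumptions: the `GET /zones/{zone_id}/analytics/dashboard?since=-1440` endpoint and the `result.totals.{requests,bandwidth,threats,uniques}.all` layout are taken from the v4 API as it existed then and should be checked against current documentation; the `CF_API_EMAIL` / `CF_API_KEY` variable names and the `cf_daily` table are names chosen here.

```python
"""Daily CloudFlare analytics snapshot into SQLite (added example)."""
import json
import os
import sqlite3
import urllib.request
from datetime import date

CF_API = "https://api.cloudflare.com/client/v4"

SCHEMA = """
CREATE TABLE IF NOT EXISTS cf_daily (
    day        TEXT PRIMARY KEY,   -- ISO date of the snapshot
    requests   INTEGER NOT NULL,
    bandwidth  INTEGER NOT NULL,   -- bytes
    threats    INTEGER NOT NULL,
    uniques    INTEGER NOT NULL,
    raw        TEXT NOT NULL       -- full API payload for fields not modelled yet
)
"""


def build_stats_request(zone_id: str, email: str, api_key: str, since: str = "-1440") -> urllib.request.Request:
    """Zone dashboard analytics for the previous 24 hours (assumed endpoint and parameter)."""
    return urllib.request.Request(
        f"{CF_API}/zones/{zone_id}/analytics/dashboard?since={since}",
        headers={"X-Auth-Email": email, "X-Auth-Key": api_key},
    )


def extract_totals(payload: dict) -> dict:
    """Pull the four headline totals out of the (assumed) response layout."""
    t = payload["result"]["totals"]
    return {
        "requests": int(t["requests"]["all"]),
        "bandwidth": int(t["bandwidth"]["all"]),
        "threats": int(t["threats"]["all"]),
        "uniques": int(t["uniques"]["all"]),
    }


def store_snapshot(conn: sqlite3.Connection, day: str, payload: dict) -> dict:
    """Upsert one row per day; a second run for the same day replaces, not duplicates."""
    conn.execute(SCHEMA)
    totals = extract_totals(payload)
    conn.execute(
        "INSERT OR REPLACE INTO cf_daily (day, requests, bandwidth, threats, uniques, raw) "
        "VALUES (?, ?, ?, ?, ?, ?)",
        (day, totals["requests"], totals["bandwidth"], totals["threats"],
         totals["uniques"], json.dumps(payload)),
    )
    conn.commit()
    return {"day": day, **totals}


def fetch_and_store(conn: sqlite3.Connection, zone_id: str,
                    opener=urllib.request.urlopen, day: str = None) -> dict:
    """Fetch today's totals and persist them; `opener` is injectable for offline runs."""
    email = os.environ["CF_API_EMAIL"]      # hypothetical variable names
    api_key = os.environ["CF_API_KEY"]
    with opener(build_stats_request(zone_id, email, api_key)) as resp:
        payload = json.loads(resp.read())
    if not payload.get("success"):
        raise RuntimeError(f"analytics call failed: {payload.get('errors')}")
    return store_snapshot(conn, day or date.today().isoformat(), payload)


if __name__ == "__main__":
    import sys
    # usage (e.g. from cron once a day): python cf_stats.py stats.db ZONE_ID
    print(fetch_and_store(sqlite3.connect(sys.argv[1]), sys.argv[2]))
```

Keeping the raw payload in the same row costs little and means the charting side never has to re-query the API for a field that was dropped on the first pass.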
  • UP2PP - Comments. Generic jargon: I think Bitcoin is quite a bad example of decentralization, because there's still a 'centralized or common shared truth'. This creates all the bottlenecks of a centralized system and, even worse, requires a lot of resources from each member of the network. True decentralization doesn't require this kind of shared picture. Actually it's really silly how people boast about Bitcoin decentralization, blah blah. Don't they realize that things like IRC, SMTP and DNS have been decentralized for ages? Email / SMTP, for example, is truly decentralized. - But I fully agree about the waste of resources when reinventing stuff that is already invented and proven to work. Yet it often seems that most of these reinventing-the-wheel cases are learning / study projects only, so the whole purpose of reinventing something is to see what kind of problems you run into and learn from them. It's just like writing your own TCP implementation with congestion control and everything. Even big companies like Microsoft aren't safe from the risks of reinventing stuff: when they reimplemented the TCP stack, they brought a huge number of vulnerabilities and bugs back to life which had been fixed years and even decades earlier. Technical comments: UP2PP, storage, usage, etc. Keyed networking... No SHA1 anymore, thank you... sha1hash... In general this is a lovely thought; there are just many caveats when implementing something like that. - I should have summed this up, but nope. This is just free thought flow, no time to sum up.
  • Found out that one IT executive always uses email to send data between servers, because the person doesn't know how to map drives, use network shares, or even use the remote desktop clipboard to transfer files. I got a complaint because I'm only allowing 1GB email attachments. I don't know whether to laugh or cry.
  • The previous one goes into the same category as when I renewed a few passwords and announced it well ahead of time to everyone. I received multiple really angry complaints because I'm 'all the time changing the f****ng passwords'. Really? Is once a year all the time? Right. Let's use the normal standard where the password is something like companyname123 for 10 years, excellent, especially if it allows access to the trusted networks and not only the visitor network. Even the visitor network could easily be abused by someone like the refugees hanging around the area, or just for lulz. War driving isn't in anymore, but it could still be a lot of fun to make a huge mess and just disappear. Targets would be random, but that doesn't matter if you do it just for lulz and aren't targeting any individual or organization.
  • Something different: checked out MRJ90, Embraer and Bombardier (CRJ1000) planes.
  • Heard some cool rumors about an upcoming decentralized OAuth being developed by 'someone'. That would be neat. No links yet, unfortunately.