
Data Security, Donations, Bug Bounty, Trees, CyberBunker, Panopticlick, Bitmessage, Privacy

posted Feb 4, 2016, 7:46 AM by Sami Lehtinen   [ updated Feb 4, 2016, 7:46 AM ]
  • The Finnish Communications Regulatory Authority recommends a few New Year's resolutions to make. (In Finnish) I checked every recommended entry; let's see if I get a 'clean pass' or if there's something to improve. - Actually there are a few items where I know I could improve things. Some of those tasks simply require too many resources. If the aim were security alone, it would be OK. But some of us have other things to do than only worrying about security and doing everything possible to improve it. I mean, I do a lot to make things secure, but some of those requirements are simply too tight, especially for information which doesn't actually require that level of protection. So I know I'll flunk those entries. It's just doing things on a need-to-do basis. Yet estimating properly when things need to be done and at what level is often hard without doing a proper security assessment, which in turn requires a lot of resources.
  • Made yearly donations to (in alphabetical order): 7-zip, GnuPG, LibreOffice, Soma.Fm, Ubuntu, VLC, Wikipedia. It's a good thing to support excellent projects.
  • I just talked a lot with some colleagues about different options and how to run a bug bounty program. Also remembered that the Tor project is going to launch a bug bounty program too. There are so many legendary reports about bug bounty program cases where the company refuses to pay and starts threatening everybody instead. Wouldn't it just be easier to pay, unless of course it's going to be very expensive?
  • Checked out RKB and BSP trees. Reminded myself about good old R-tree and GiST.
  • Checked out CyberBunker hosting for a friend, SWIM SWIM!
  • Panopticlick 2.0 by EFF - Yep, as expected my setup is unique as usual.
  • Had a humiliating fail with one integration. Luckily it's just ~50 hours of server time wasted. And a customer waiting for results. Well, the good thing is that I caught the problem myself and nobody else did. That's life. Now the process just took exceptionally long. It takes fails to learn. Yet the fail was such that I should have caught it earlier. So ashamed about that. I was just sad about the task failing, and when walking home I got the feeling: bleep, bleep, bleep. I know what caused the issue, bleep! Gotta get to the office early in the morning, fix the issue and get the batch task running again. Luckily during the Xmas / New Year vacations nobody seems to care too much if the systems are a bit laggy. It's only important that everything is running smoothly, correctly and well when they arrive at work after the vacations. Yes. I'm making sure that will happen.
  • Really nice article about USB flash storage internals. - Yep, I knew it all. Nothing new, but it's good to remind yourself about this stuff. I've actually been having some issues with USB flash drives, and some of those seem to be especially slow with NTFS or ext4 and perform much better with FAT32, just as the article says.
  • Bitmessage (and many similar systems) uses mesh-style networking in which every message is flooded to all peers. An adversary who can shape the graph, by controlling which nodes peer with which, can arrange it so that message initiators (posters of public messages or senders of private ones) become easier to locate from where, and when, a message first appears. Things like key lookup queries can be used to covertly probe nodes over the network and figure out where they are, even if there's no other visible traffic.
  • China signs a law which requires companies to hand over encryption keys? I wonder what the real story behind this is, how it will actually be applied and whether that's the right form of it. What about ephemeral keys which are created on the fly; how can you hand those over except by leaking the private key? Or is such a construction forbidden by law?
  • Had an interesting talk with friends about Eddystone beacons and location-aware services. Yep, nothing new. Yet we covered some special and quite interesting use cases, which I unfortunately can't mention here: how international multi-level marketing distribution could be automated and made more efficient, providing superior service levels for customers and better deal terms for service providers. Very interesting topic and potentially a disruptive market changer. Similar stuff has been discussed in different Bitcoin forums for a long time.
  • Checked out new Telegram Inline Bots. - Yes, that's very useful and easy way to access those in groups.
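To make the Bitmessage point above concrete, here is a small simulation of how first-arrival times of a flooded message at a few monitoring nodes give away the originator. This is an added example, not Bitmessage's code, and everything in it is constructed: a 3x3 grid topology, one time unit of latency per link, monitors at corner nodes, and an adversary who already knows the topology (which is what "graph shaping" buys them). The adversary does not know when the message was sent, so it looks for the candidate origin whose path latencies to the monitors explain the observed times up to a constant offset.

```python
"""Added example (not Bitmessage code): locating the originator of a flooded
message from first-arrival times at a few monitoring nodes.

Assumptions (all constructed for this example): a 3x3 grid topology, one
time unit of latency per link, monitors at corner nodes, and an adversary
who knows the topology."""
import heapq


def grid_graph(n):
    """Undirected n x n grid; node id = row * n + col; every link latency 1."""
    adj = {v: {} for v in range(n * n)}
    for r in range(n):
        for c in range(n):
            v = r * n + c
            if c + 1 < n:            # link to the right
                adj[v][v + 1] = 1
                adj[v + 1][v] = 1
            if r + 1 < n:            # link downwards
                adj[v][v + n] = 1
                adj[v + n][v] = 1
    return adj


def flood_arrival_times(adj, source, t0=0):
    """Simulate flooding from `source` starting at time t0.

    Every node relays a message to all its neighbours the first time it
    sees it, so the first arrival at any node comes along the lowest-latency
    path; that is exactly Dijkstra over link latencies."""
    arrival = {source: t0}
    heap = [(t0, source)]
    while heap:
        t, v = heapq.heappop(heap)
        if t > arrival[v]:
            continue                 # stale heap entry
        for w, latency in adj[v].items():
            nt = t + latency
            if w not in arrival or nt < arrival[w]:
                arrival[w] = nt
                heapq.heappush(heap, (nt, w))
    return arrival


def estimate_source(adj, observations):
    """Adversary's estimate of the originator.

    `observations` maps monitor node -> first-arrival time seen there. The
    send time t0 is unknown, so for each candidate origin we subtract its
    path latency to every monitor: if the candidate is right, every residual
    equals t0, so their variance is zero. Returns all candidates tied at the
    minimum variance; more than one means the monitors cannot tell them
    apart."""
    scores = {}
    for cand in adj:
        latency_from_cand = flood_arrival_times(adj, cand)
        resid = [t - latency_from_cand[m] for m, t in observations.items()]
        mean = sum(resid) / len(resid)
        scores[cand] = sum((x - mean) ** 2 for x in resid)
    best = min(scores.values())
    return sorted(c for c, s in scores.items() if s == best)


if __name__ == "__main__":
    adj = grid_graph(3)
    true_source = 4                  # centre of the grid
    arrivals = flood_arrival_times(adj, true_source, t0=5)

    # Two monitors on opposite corners cannot separate the anti-diagonal.
    two = {m: arrivals[m] for m in (0, 8)}
    print("monitors 0,8   ->", estimate_source(adj, two))      # [2, 4, 6]

    # A third monitor resolves it to the single true originator.
    three = {m: arrivals[m] for m in (0, 2, 8)}
    print("monitors 0,2,8 ->", estimate_source(adj, three))    # [4]
```

With two monitors the estimate is a set of three nodes; adding one more monitor, or reshaping the graph so that the monitors' latency profiles differ for every node, collapses it to the true originator. Real networks have jitter, so the zero-variance test becomes a least-squares fit that needs more monitors, and randomized relay delays at each hop are the obvious countermeasure because they raise that variance for the true origin too.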