
Dependencies, Risk Assessment, Threats, Security, CDN Helsinki, LIGO, Virgo, GW150914, OpenBazaar

posted Apr 22, 2016, 11:37 PM by Sami Lehtinen   [ updated Apr 22, 2016, 11:38 PM ]
  • Kill your dependencies - I so much agree about this! I've seen some developers adding new heavyweight dependencies, using libraries to implement even the simplest of tasks. One project contains 20k of source code and 100 megs of other libraries. My apps usually run so fast and light because, instead of using bloated libs, I often like to implement a simplified solution for what I need. Yes, there's a time for libraries, but often I can do without. Does one project need urllib, http.request, requests, urllib2, urllib3 and some other fancy ways to make HTTP requests? I also agree that using several different JSON libraries is silly. One project used JSON for everything, except one interface uses protobuf, just because it's cool. Hmm. Ok. Also, using many different solutions for the same stuff increases the attack surface; it's enough that one of the libraries you used is seriously broken. That's why I'm mostly using standard library stuff for Python and sometimes make very simplified things which aren't in stdlib in my own function, instead of importing yet another external library and potentially bloated requirements with pip and compilation and compile tools. When you start compiling stuff, then you probably need more libraries for that, and then those libraries require libraries and... Yep, those of us doing this stuff all know that.
  • Short comments about the national risk assessment by the Ministry of the Interior. Internal threats. Just a short (translated from Finnish) list of keywords: Energy Security, Cyber Security, Digitalization and related risks. Espionage. Sabotage. Vulnerabilities. Probability, Impact. I excluded stuff like: transportation, chemical and explosives related incidents, geopolitical risks, pandemic infectious diseases, floods, solar storms, extreme thunderstorms, terrorism and immigration (refugees).
  • For personal home security, do you have proper locking, monitoring and alarm systems? Safe for valuables? Fire alarm, extinguisher(s), adequate personal and close range protection (weapons). Proficiently practiced skills in the use of those devices. Money cash? Available? Money, gold, and stuff for trade? Food and water storage / availability / filtering / melting capability? Heat is also very important in areas like Finland where you can literally freeze to death. Proper clothing? Some (city) people don't even have proper clothing that would let them survive extended periods without heating or power.
  • Microsoft seems to be serving stuff now from a-msedge.net (even in Finland) which provides really fast downloads and low latency. That's nice. It's present at multiple Internet Exchange Points around the world (IX).
  • Sometimes I wonder why Finnish sites, whose user base is basically only Finnish users due to locality of service and language, choose to use international CDN services, which then serve content from Stockholm, London or Frankfurt. If the site itself is hosted in Finland, serving the rest of the content from there would be faster than using the 'mighty' CDNs for a market which those do not really care about. There are really many CDNs which do not have presence / POP in Helsinki and several important ones which do not have presence / POP in Stockholm either. Even Moscow would be faster than Frankfurt or London. Let's see if the C-Lion1 changes that. If things go well, latency could be almost the same. St. Petersburg would be even closer than Stockholm. Yet routing to Russia varies wildly between operators. Some route directly from Helsinki to St. Petersburg, in some cases traffic loops via Stockholm and in some cases even via Amsterdam or Frankfurt. So latency can be anything from 5 ms to 80 ms depending on things which are quite hard to say without checking routing and testing.
  • Checked out LIGO, Enhanced LIGO, Advanced LIGO and European Virgo.
  • Some seem to be worried about building P2P systems. P2P is just like distributed but everything is slower, more unreliable and you can't trust almost any (non-signed) data. But after all it isn't that different if you've been dealing with distributed systems earlier.
  • Intro to #Python #Signal #Processing using GW150914 Open Data. - kw: iPython, numpy, datascience, dataanalytics, scipy, matplotlib, h5py, hdf5, opendata, ligo.
  • Who Controls OpenBazaar? - A lot of discussion about whether P2P networks are somehow inherently evil? Well, read this. It's how it is and has always been, but some people just refuse to get it. - Shouldn't your ISP be responsible for all Internet content, after all they're delivering it to you.
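
Added example, not part of the original post: one way to check a Python code base for the redundancy described in the "Kill your dependencies" item, by parsing imports and reporting every purpose (HTTP client, JSON) that is served by more than one module. The `PURPOSE` grouping, the function names and the sample files are assumptions made for this illustration.

```python
import ast
from collections import defaultdict

# Assumed grouping of top-level modules by purpose; extend for your code base.
PURPOSE = {
    "urllib": "http", "urllib2": "http", "urllib3": "http",
    "requests": "http", "http": "http",
    "json": "json", "simplejson": "json", "ujson": "json",
}


def imported_modules(source):
    """Return the set of top-level module names imported by Python source."""
    found = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            found.update(alias.name.split(".")[0] for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            # level == 0 skips relative imports of the project's own modules
            found.add(node.module.split(".")[0])
    return found


def redundant_groups(sources):
    """Map purpose -> {module: [files]} for purposes served by 2+ modules."""
    usage = defaultdict(lambda: defaultdict(list))
    for filename, source in sources.items():
        for module in imported_modules(source):
            if module in PURPOSE:
                usage[PURPOSE[module]][module].append(filename)
    return {
        purpose: {mod: sorted(files) for mod, files in mods.items()}
        for purpose, mods in usage.items()
        if len(mods) > 1  # a single module per purpose is not redundancy
    }


# Constructed sample project: three HTTP stacks, one JSON library.
SAMPLE = {
    "fetch.py": "import requests\nfrom urllib.request import urlopen\n",
    "api.py": "import urllib3\nimport json\n",
    "util.py": "import json\nimport os\n",
}

if __name__ == "__main__":
    for purpose, mods in redundant_groups(SAMPLE).items():
        print(purpose, "is served by", len(mods), "modules:", mods)
```

To run it on a real tree, build the `sources` dict from the project's `.py` files; each module reported is one more code path that has to be tracked for security fixes.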