Blog‎ > ‎

Email, Oscobo, UAAV, Telegram E2EE, NXP NFC, Bluetooth 5, EddyStone, FIDO U2F

posted Jul 4, 2016, 9:08 PM by Sami Lehtinen   [ updated Jul 4, 2016, 9:08 PM ]
  • After I switched email hosting I found out what I were expecting and suspecting earlier, but I hadn't had it confirmed. LinkedIn uses email batching, delivering emails in large batches to individual servers / domains. Now when I use different domain, I just get a ripple of the email. When I used my own domain and server, I got everything at once. Because it's just more efficient to deliver emails at once, instead of delivering those in multiple small batches.
  • It's also unsurprising that new email hosting is much slower than it used to be. I were used to everything happening immediately but now there's latencies related to everything. Previous server got under 1 ms latency and basically everything in RAM memory. Now data is being fetched over much slower link and of course it's not all in RAM. It's really easy to notice sluggishness on every turn when using the new service. With the old server worst case was that data wasn't in RAM and it had to be read from SSD SAN.
  • Oscobo replied to me linking a few articles. But none of those answer to the fundamental questions I'm asking. They haven't given out any information what information is being forwarded to 3rd parties like Microsoft Bing to fetch the actual results. It would be really nice to know. Afaik, this is pretty important question. It's easy to claim that things are secure in a way, that it looks good, but in reality we all know that it might still be very insecure, either by accident or incompetence or by intentional design.
  • Something different: Read multiple articles on The UAAV Digest. It seems that military drones are developing really fast, much faster (no surprise) than consumer ones. It's very interesting to see if (when) drones can practically replace hugely expensive air craft carriers. kw: TERN, VTOL, DARPA
  • Some people warn that Telegram isn't encrypted. Sure it's encrypted, but ... It's not End to End Encrypted (E2EE) unless Secret Mode is being used. Many of the Telegram clients don't even support E2EE encrypted Telegram Secret chat mode. Data is still delivered over encrypted connection, but it's not end2end encrypted. If you've got something truly confidential, who would use any "secure app" anyway? I'm sure the stake holders wouldn't love such actions and it would be blatant breach of confidentiality.
  • I guess the new Russian data collection law isn't that bad? At least they're openly admitting it. Other countries might do exactly the same, or worse. They're just not telling about it. Basically all communications need to be stored for six months in plaintext and if encrypted there needs to be a backdoor for deciphering the communications.
  • Ordered a set of programmable NXP NFC tags - just for fun, play and experiment. Let's see if I can figure any practical use for those. Maybe configuring visitor WLAN at office could be one use.
  • Checked out Bluetooth 5. 4x the range and 2x the bandwidth. Whats even better then Bluetooth Low Energy (Bluetooth LE or BLE) version with got 8x broadcasting capacity and connectionless services. Thats' very nice. But it doesn't increase power consumption. Well well, that's something extremely nice. It's easy to add range or capacity, but usually that means that systems will require more power. I've already got a few EddyStone Bluetooth beacons, which are working very nicely broadcasting a few URLs.
  • Also ordered a cheap Feitian ePass FIDO U2F Security Key and for comparison Yubico's YubiKey NEO. Just to have something to play with on my vacation. Even if I'm big fan of Strong password (shared secret) + HTOP / TOTP (as 2nd factor). I'm also wondering why some people don't get that Google Authenticator is not an independent technology. FIDO Fast IDentity Online - Universal Second Factor (U2F) - Let's see if installing pam-u2f will be fun. Terms like Passwordless UX (UAF) and Second Factor UX are used by some vendors. Device conveniently works as USB HID (Human interface device, aka keyboard).
  • So much fail. Physical Web App for Android got updated. Now it doesn't show EddyStone Bluetooth Beacons which it did show earlier. Yet all the other similar apps do work flawlessly. - Business as usual, we improve the software so much it becomes totally unusable. - Found out the reason later, they now only accept HTTPS sites.