Blog‎ > ‎

Facebook, Attack Map, Qlik, Panorama, Tableau, BuiltWith, P2P Insurance, Tiedustelulaki, Identity Management

posted Oct 2, 2015, 8:43 PM by Sami Lehtinen   [ updated Nov 1, 2015, 5:29 AM ]
  • How Facebook lets people know if you're ok. - I think the post is full of obvious stuff. I personally didn't find anything especially interesting in it. Most of stuff are very basic optimizations that should be done with every project. Yet there's one question. If there's a disaster area, is the primary goal to overload it's networks with non-emergency traffic? Isn't the basic rule that if something happens, you should avoid useless and unnecessary communication and there's probably better uses for the bandwidth? So when I think about it, yes, it's nice if it makes it unnecessary for people do the most undesirable thing aka call the area / persons in the area. Yet flash flooding networks of one country might still be a bad idea and depending from situation could hog quite much bandwidth / overload networks. One thanks for stupid behaviour goes to all those über stupid Hollywood movies. It seems that people do not act in the movies like they're trained in military and by emergency services to do.
    I still remember when SMS was getting very popular and during new years eve the SMS traffic got so high that it totally overwhelmed the networks and delivery systems. Result? The flash flood of SMS messages was still being extracted over two weeks after the new year. Overload also caused situation where ACK packets failed to reach the servers and it made the situation just much worse. Now the same message could get deliverer even tens of times. Similar situation happens with TCP when packet loss goes up packets get redelivered and lost connections are retried. Making the over all situation even worse than it would be without this retry logic.
  • Norse Attack Map - I don't like that map at all, it's way too generic. It's so common people get confused about attacks and all kind of lies being sold by security companies. Yes, there are real attacks, but most of background radiation junk isn't real attacks. As well as real attacks might not get detected as being real attacks. Otherwise it would be way too easy to detect attacks.
  • Is this going to be the future of Internet of Things? I'm really afraid it will. But I hope it won't. A story how horrible security IP webcams can got.
  • Checked out B61-12 nuclear bomb. Interesting and expensive stuff. As well as Ka-52 Alligator. Read more stuff about Yasen Project 885 submarines.
  • Checked out Qlik Sense Desktop and Panorama Necto 15. Both excellent self-service smart data discovery and visualization tools which can be used for Business Intelligence analytics. I've explored Tableau earlier and I really loved it. Qlik Sense Desktop is just as awesome. I didn't go into details or trying doing anything hard. But basic dashboard from data in database was trivial to visualize and creating a dashboard from data was awesome and easy with all three products.
  • Watched a few nice BBC documentaries, Computer Algorithms, Computer technology (early history) and history of Diesel Engines. 
  • Nice document describing the Cinia Group Oy / Sea Lion (C-Lion?) submarine cable system (PDF). - Read it all, but afaik, there wasn't anything new in there. Just generic document about submarine cable laying and design, protocols, processes, equipment required, planning, etc. Including detailed route, depths, and laying technology, environmental impact and so on.
  • StartupDaily / BuiltWith - This would be pretty much my dream. Something quite simple, running in fully automated form and making money. It would be just so wonderful to own such business. Well, I have some plans, but nobody ever knows if those are going to work out or not. Probability for miserable failure is something like 95%. But sometimes you'll just strike gold. Who knows. 
  • Read documentation by Michael Folkson, Building a risk market for the digital Age. - Nice description how Bitcoin blockchain and OpenBazaar style digital assets could be used issuing distributed digital insurances. kw: value exchange, risk exchange, decentralized insurance marketplace, insurance industry, blockchain technology, peer-to-peer insurance.
  • Some thoughts about OpenBazaar and distributed insurance market: About distributed insurances, does it mean that the amount of insured money should be held somewhere in escrow? That basically ruins the whole business if it's like that. I'll be reading further comments, before posting this. But it was my first thought. Like in case of liability insurance, customer might pay 100 units, and the amount that the customer is insured for can be 1000x more. So the 100 unit escrow isn't worth of it, and also if that 1000x is required in escrow, it's ruining the whole business. So yes, there's counter party risk, but it's kind of essential part in making the deal feasible. I'm also very keen to know what kind of insurance deals there will be available and how those are going to be technically arranged. All this slightly reminds me about the X-Trackers 2.0 synthetic ETF counter party risk management. kw: collateral damage, escrow contract, conventional insurance industry, insurance brokers, buyers, sellers, claims, payout. Have to read and think lot more about how this is going to work. Luckily I guess the community got excellent expert contacts with this matter.
  • I was bit worried if Electronic Frontier Finland - Effi ry would completely miss the Finnish 'Tiedustelulaki' issue. But they didn't. Here's their comments about it in Finnish.
  • Handled a lot of deep thoughts about identity management with my friends. Yet there's nothing new. I've said it earlier. Good systems provide possibility for complete anonymousness as well as very strong pseudonymous credentials. If required or wanted, that pseudonym can be linked to real life identity. But it's completely optional. I've done that several times personally buy signing anonymous posts with freshly generated OpenPGP key. So all of my posts got very strong pseudonymous identity. If require, I can sign message with that same private key revealing who I am as well as cross signing (mutually signed) it with my well known personal public key. Just so much talk with my OpSec and InfoSec nerd friends. Is my tinfoi tight enough? No? I think it's leaking some TEMPEST radiation around.