HTML5 SDKs, Telegram, HTTPS, Restlet & Python, Backup & Restore

posted Dec 28, 2013, 8:21 AM by Sami Lehtinen   [ updated Dec 28, 2013, 11:00 PM ]
  • Played with the Ubuntu HTML5 SDK and Intel HTML5 XDK. I think that I'll have to figure out some simple project which I can push through just to learn these tools. Maybe a simple game, or something similar, which just requires handling the basics, etc. Just like I did with Google App Engine: wrote a few simple applications to learn the concept.
  • Telegram crypto contest. A perfect example of how easy it is to get bitten by cryptography. Well, first of all, we know that most (if not all) systems aren't secure. Therefore "Extraordinary claims require extraordinary evidence" is very true. Because the basic assumption is that everything is insecure, if you're claiming something to be secure, it means that you have to have a massive amount of proof, or otherwise your claims are most likely false. This is yet another great example of the Dunning-Kruger effect. Because if you don't do proper research, it's easy to say that all evidence points to you being right. Because you didn't want to know the evidence that would tell you you're wrong.
  • HTTPS deployment guide. Nothing new at all. The only thing in that guide which I don't agree with is redirecting http to https. Well, if a site is secure, there shouldn't be any http references to it at all. And if there are, it's better to break those references, so they can be fixed. With redirection those bad references will remain there and won't get fixed. Yes, this is true even if HSTS and secure cookies are being used. The worst possible situation is the case where non-secure cookies are used, and maybe HSTS expires before the cookies do. In this situation a stupid user (of which there are plenty!) can access the domain with a non-https URL, and now the authentication cookies get sent over the http connection, which then redirects to the https connection. The user gets a false impression of security, even though the authentication data was sent as plain text. This is the reason why I recommend disabling http completely. If there's no http service, users with bad URLs won't get any access. They have to fix their URLs.
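Added example, not part of the original post, showing the mechanism described above with the standard library's cookie jar: a cookie stored without the Secure attribute is attached by the client to a request for a plain-http URL before any redirect can happen, while a cookie marked Secure is only attached to https. The host shop.example and the cookie names are placeholders, and nothing is sent over the network; the jar only fills in the Cookie header the client would send.

```python
"""Added example (not from the original post): which cookies a client attaches
to an http:// request versus an https:// request, depending on the Secure flag.
The host and cookie names are placeholders; no connection is made."""
import http.cookiejar
import time
import urllib.request

HOST = "shop.example"  # placeholder host, never contacted


def make_cookie(name, value, secure):
    """Build a cookie the way a client would store it after a Set-Cookie header."""
    return http.cookiejar.Cookie(
        version=0, name=name, value=value,
        port=None, port_specified=False,
        domain=HOST, domain_specified=True, domain_initial_dot=False,
        path="/", path_specified=True,
        secure=secure,                       # the Secure attribute under test
        expires=int(time.time()) + 3600, discard=False,
        comment=None, comment_url=None, rest={}, rfc2109=False)


def build_jar():
    """Jar holding one Secure cookie and one legacy cookie without the flag."""
    jar = http.cookiejar.CookieJar()
    jar.set_cookie(make_cookie("session", "s3cr3t", secure=True))
    jar.set_cookie(make_cookie("legacy_auth", "t0k3n", secure=False))
    return jar


def cookies_sent_to(url, jar):
    """Return the sorted cookie names the jar would attach to a request for url.
    add_cookie_header only fills in the header; the request is never sent."""
    req = urllib.request.Request(url)
    jar.add_cookie_header(req)
    header = req.get_header("Cookie")
    if not header:
        return []
    return sorted(part.split("=", 1)[0].strip() for part in header.split(";"))


if __name__ == "__main__":
    jar = build_jar()
    # The legacy cookie leaves over plain http before any redirect to https.
    print("http  ->", cookies_sent_to("http://shop.example/", jar))
    print("https ->", cookies_sent_to("https://shop.example/", jar))
```

The practical check that follows is to look at a site's own Set-Cookie headers for the Secure attribute on every authentication cookie; a redirect never protects a cookie that has already left the client in clear text.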
  • Had strange problems with Restlet & Python urllib. Screenshots and the problem description are posted to the Unofficial Python community on Google+. Based on the headers, both POST requests should be OK:
    Using http.client:
    POST http://localhost:8888/ HTTP/1.1
    Host: localhost:8888
    Accept-Encoding: identity
    Content-Type: application/xml; charset="utf-8"
    Content-Length: 51

    <?xml version="1.0" encoding="UTF-8"?>
    <data/>

    Using urllib:
    POST http://localhost:8888/ HTTP/1.1
    Accept-Encoding: identity
    Content-Length: 51
    Host: localhost:8888
    Content-Type: application/xml; charset="utf-8"
    Connection: close
    User-Agent: Python-urllib/3.2

    <?xml version="1.0" encoding="UTF-8"?>
    <data/>
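Added example, not from the original post, for the comparison above: rather than reconstructing the two requests from client-side logs, it records the exact bytes that http.client and urllib put on the wire for the same POST and reports the headers that only one of them sends. The loopback listener stands in for the Restlet server (it only records the request and answers 204), and the XML body is a constructed sample.

```python
"""Added example (not from the original post): capture the raw request bytes
sent by http.client and by urllib for one POST and diff their headers.
The listener is a stand-in for the Restlet server, not Restlet itself."""
import http.client
import socket
import threading
import urllib.request

# Constructed sample body, standing in for the XML document in the post.
BODY = b'<?xml version="1.0" encoding="UTF-8"?>\n<data/>'
CONTENT_TYPE = 'application/xml; charset="utf-8"'


def start_recorder(count):
    """Listen on a free loopback port, accept `count` connections in turn and
    store each raw request in box["raw"]. Returns (port, box)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(count)
    box = {"raw": []}

    def read_request(conn):
        data = b""
        while b"\r\n\r\n" not in data:          # read the complete header block
            chunk = conn.recv(4096)
            if not chunk:
                break
            data += chunk
        head, _, body = data.partition(b"\r\n\r\n")
        length = 0
        for line in head.split(b"\r\n")[1:]:     # find the declared body length
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"content-length":
                length = int(value.strip())
        while len(body) < length:                # then read exactly that many bytes
            chunk = conn.recv(4096)
            if not chunk:
                break
            body += chunk
        return head + b"\r\n\r\n" + body

    def serve():
        for _ in range(count):
            conn, _addr = srv.accept()
            conn.settimeout(5)
            box["raw"].append(read_request(conn))
            conn.sendall(b"HTTP/1.1 204 No Content\r\nConnection: close\r\n\r\n")
            conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], box


def post_with_http_client(port):
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("POST", "/", body=BODY, headers={"Content-Type": CONTENT_TYPE})
    resp = conn.getresponse()
    resp.read()
    conn.close()
    return resp.status


def post_with_urllib(port):
    req = urllib.request.Request("http://127.0.0.1:%d/" % port, data=BODY,
                                 headers={"Content-Type": CONTENT_TYPE})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.status


def parse_request(raw):
    """Split raw request bytes into (request line, {lower-case name: value}, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def compare_clients():
    """POST with both clients against one recorder and report how they differ."""
    port, box = start_recorder(2)
    post_with_http_client(port)
    post_with_urllib(port)
    a_line, a, a_body = parse_request(box["raw"][0])
    b_line, b, b_body = parse_request(box["raw"][1])
    return {
        "request_lines": (a_line, b_line),
        "same_body": a_body == b_body,
        "only_http_client": sorted(set(a) - set(b)),
        "only_urllib": sorted(set(b) - set(a)),
        "differing": sorted(k for k in set(a) & set(b) if a[k] != b[k]),
    }


if __name__ == "__main__":
    for key, value in compare_clients().items():
        print(key, "->", value)
```

Pointing the same recorder at the real client code, instead of at these two minimal calls, is the quickest way to see whether a server-side difference is really explained by the request the client sends.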

  • New Year is here soon. So it's a good idea to check that your backup and restore procedures are working, as well as to change all old passwords to new strong ones. Yes, I know, doing it yearly isn't nearly often enough, but it's still a lot better than not doing it at all. - You'll only know that your backups are working after restoring everything from them. Without restore tests, you'll never know if they are really working.
  • Don't forget to renew passwords too! Renewing passwords yearly isn't nearly often enough, but it's also better than never. Also, don't reuse passwords, and use strong passwords. Yeah, I'm sure all of us are sick and tired of these tips. But in reality people use bad passwords over and over again. So it's clear that these tips haven't been told often enough.
  • Studied government harassment and especially Stasi Zersetzung.
  • If you haven't been following tech news closely, you might find something interesting in this post: Best 2013 things & stuff.
  • Why are new passwords entered twice? Well, one guy who I was helping with his computer wondered how stupid developers are, because they ask you to enter the same password twice. It doesn't make any sense. Until the guy himself was confronted, for the third time, with the message: "passwords do not match". Oh boy, I couldn't resist laughing. Well, that is exactly why. I guess you don't have any idea what you're typing in.
  • Refreshed my memory about: Lithium-Ion batteries, State of charge, Battery balancing, Memory effect, Charging Lithium-Ion Batteries, Error Recovery Control (CTER / CCTL).
  • I also recommend reading this guide; it shows just how easy it is to make false claims by using skewed, bad or misleading methods: Statistics Done Wrong: The woefully complete guide.