InfoSec, OPSEC, Google, Cloudflare, Microservices, LTE, Data, Liability, OpenBazaar, WiFi

posted Sep 13, 2015, 1:04 AM by Sami Lehtinen   [ updated Nov 12, 2016, 7:21 AM ]

Items are totally unordered, more like shuffled.

  • Reminded myself about the difference between git gc --aggressive vs git repack -Ad and git prune.
  • Had once again extensive discussion with friends and colleagues about Information Security (InfoSec) and Operations Security (OPSEC). It's just so easy to forget it. "Silence means security / Loose lips might sink ships"
  • Configuring ICT systems securely and using secure operational procedures is also very important. It's just so easy to make one little mistake and completely break security. Of course this requires that an attacker is there to exploit it, but some flaws are so serious that the hole will be left open and can be exploited later.
  • Dolphin Browser is probably one of the crappiest mobile browsers available. Currently it seems that even the clear history functions are broken. It confirms to the user that history & cache have been erased, yet nothing actually gets deleted. I think it's a perfect reason for everyone to boycott such malware. Among countless other serious usability and security issues with the browser, like preferring RC4, being vulnerable to many SSL/TLS attacks, and the list goes on.
  • Google is expanding its data center in Hamina. According to the latest permit documents, it would reach about 900 000 m^2 (square meters), which translates to almost 10 million square feet. That's huge!
  • Once again advanced remote video surveillance turned out to be beneficial. It's always good to be trained and prepared on both physical and cyber security. These solutions can help you to maintain the privacy and security of premises and also give advance warning if something is happening / going to happen. Yeah, I hate the word 'cyber', but that's what the media seems to prefer.
  • Finland is trying to get more exports. But exports are mainly focused on digital services like games or electronic ERP & business platforms. System integration is also trending and expertise is being sold to foreign countries, boosting exports. BTW. This is good news for me. I'm an expert in exactly this field: business system integration, ETL, data processing, reporting, refining, etc.
  • I'm trying hard to catch up on latest OpenBazaar development. I've been busy with a few other things lately. But during fall when weather starts to suck, I hope I'm going to make it. Long dark cold weekends, all you can do is study & code.
  • Quote from Tivi magazine: "In the future, the IT professional will increasingly be a multi-skilled generalist, in both the private and the public sector. In addition to good and deep expertise, business sense, an understanding of the operating environment and the ability to develop something new are needed", says VR's Jukka-Pekka Suonikko. - Yep. It's not enough to understand one small thing about ICT. It's required to understand the whole and also have some understanding of business logic and the business environment, as well as being able to see how these things can be further developed and enhanced.
  • Further improved some monitoring systems due to public request. Added some really neat features, like response time sparklines for showing lately developing trends.
  • Very long discussions about whether systems should be built with microservices or not. There are so many things which affect it. Microservices can be a great or a totally horrible thing, depending on so many other factors in how the system architecture is built. A great blog post about microservices. I've also got friends who've built (actually) critical production systems using a microservices architecture, including great realtime monitoring and management systems. Without those systems, microservices can end up as an unmanageable mess. Of course I can't tell you any details of those systems. But let's say that the control panel they used was very close to Apache NiFi (control screenshot), where you just link microservices together and see the data flowing. You can also modify module settings, reconfigure the system, and remove modules (microservices) or add modules in realtime. Data splitters, duplicators, filters, logging, etc. Without this visibility, microservices could be just a black box with random performance issues which could be really hard to debug without the right tools. - Link to full Apache NiFi site. - Something new in this screen layout? Nope, it just reminds me of good old DOS CA-SuperProject. Yep, I've used it already back then.
  • I also loved the previous article, because I've been involved with such job now for a few years, discussing these very specific topics. Processes, technology, marketing, etc. Everything related to launching a new product and supporting it.
  • Also spent a day studying Apache ServiceMix, which is quite a direct competitor to Microsoft BizTalk Server.
  • Nokia TDD and FDD co-existence in LTE networks. - An excellent article about pros & cons of different network duplexing solutions. (TD-LTE, FDD-LTE, RAN, 3GPP, multi-cell optimization, eICIC, LTE, DL/UL CoMP).
  • Data is a liability? - I agree with this article very much, it's excellent! I prefer to delete all data for which I can't name a reasonable reason to keep it. Yet as I've written earlier, many CEO and CTO guys seem to prefer a never-delete-anything attitude, which leads to exactly the problem of data being a liability. There can be a really large amount of data which is being stored without the customers' / users' consent for extended periods (basically forever). I've also noticed that many people have got some kind of totally delusional attitude about 'deleting' something. When you know how systems work, it's easy to understand that delete almost never means delete. It means 'this space could be freed or reused later'. But nobody knows when that later comes. It can come quickly, or never. So users should really realize that there's no such thing as "deleting something". If you released that content once, or uploaded it somewhere, there is NO WAY WHATSOEVER to make sure it's deleted. You simply can't do it. Don't say anything now, because you're probably trying to say "but I can delete it"... Yep, but that's just the silly illusion or delusion you've got. Even if their ToS says whatever BS. You don't know if some developer had debug mode enabled and copied your data to long-lasting secondary storage, where it doesn't get deleted, and in some cases it can also be outside the whole circle of protection which is applied to production systems. It's pretty much guaranteed that data which is over 10 years old and hasn't been useful so far won't actually be useful in the future either. But if it leaks out, it could still be harmful. As an example, you have no way of knowing if Facebook, Google, Gmail, Amazon, AWS, S3 or Dropbox might still have everything, absolutely everything, you've ever uploaded or communicated via it. The same applies to VPN services. You don't know if they've got 100% packet captures of everything you've ever passed through their service.
Well, they might not have it, but they could also have it. What about the online backup services or outsourced business solutions? If you're using Office 365 for business or Skype for Business, who knows, maybe and probably all that data is also held forever. Even if you end your subscription, nothing forces them to get rid of the data. Or Cortana and Windows 10. But there are corporate rules, ToS. Laugh! Yeah, it's enough that there's one high-level guy who has a special interest in you based on whatever profiling or reason. Finnish people usually even follow rules; most other nationalities don't give a s*t about rules. It's forbidden or illegal? So what. I don't care. I just do a yearly 'debug run' where I collect all your data, encrypt it, store it on my personal external hard drive and take it out. And you said clicking delete on the data in the 'cloud' would help? Good luck! Don't forget all the 'private' IM platforms. Those could also retain your data, images and documents shared over them forever. That's a real hazard people are taking now. Someone buys an old drive from eBay, gets 10-year-old Snapchat content and decides to publish it as a torrent for lulz. That would be kind of funny. Wasn't it all private? How's this possible? Scavenging data from disposed drives would be a fun hobby, if I had time for it. Figuring out what fun we could do with all this data. Fun just in case you can't monetize it. - But why should we care or worry about this? All is well, just keep doing whatever you're doing. Or when you send your PC for repair. They copy everything from it, and never delete the data from their systems, and for easy access there could be a large number of people or even third-party companies able to access all that data. At some point in time there's a configuration error on the 'temporary (permanent) data storage' and all that content copied from hundreds of laptops / workstations becomes searchable via Google.
Well, it happens, and you asked for it. What's the problem? Didn't you realize that (whatever content you have) on your computer is public? Even if it was serviced 8 years ago, yep. You've since deleted 'that', but nope, now it's visible to everyone via a proxy. Enjoy! In the Hacker News discussion they said data is an asset. Sure, that kind of data cache could be a great asset for someone wanting to blackmail those people. But monetizing it legally could be hard.
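As an added example (not part of the original post), the Python script below shows the "delete almost never means delete" point at the storage layer using SQLite from the standard library. A row is inserted, deleted and committed; with the default secure_delete=OFF the freed cell is only marked reusable and the plaintext is still readable from the raw file. Turning on the secure_delete pragma zeroes the freed cell, and VACUUM rebuilds the file from live rows only. The secret string and file name are constructed for the demo; the behaviour relied on is SQLite's documented secure_delete pragma and VACUUM semantics.

```python
"""Constructed demo: what a deleted row leaves behind in a SQLite file."""
import os
import sqlite3
import tempfile

# Constructed sample value; deliberately not a word that appears in the schema.
SECRET = "demo-secret-4f1e9c0b-retained-after-delete"


def _raw_bytes(path: str) -> bytes:
    """Read the database file as an attacker with disk access would see it."""
    with open(path, "rb") as fh:
        return fh.read()


def _insert_and_delete(path: str, secure_delete: bool) -> None:
    """Create a table, store SECRET in one row, delete that row, commit, close."""
    conn = sqlite3.connect(path)
    # secure_delete is per-connection; SQLite's default build leaves it OFF,
    # so freed cells keep their old payload bytes until the space is reused.
    conn.execute("PRAGMA secure_delete = %s" % ("ON" if secure_delete else "OFF"))
    conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)")
    conn.execute("INSERT INTO notes (id, body) VALUES (1, ?)", (SECRET,))
    conn.commit()
    # A WHERE clause keeps SQLite on the normal row-delete path.
    conn.execute("DELETE FROM notes WHERE id = 1")
    conn.commit()
    assert conn.execute("SELECT COUNT(*) FROM notes").fetchone()[0] == 0
    conn.close()


def deleted_row_still_on_disk(secure_delete: bool) -> bool:
    """True if SECRET is still present in the raw file after the row was deleted
    and the database logically reports zero rows."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "demo.db")
        _insert_and_delete(path, secure_delete)
        return SECRET.encode() in _raw_bytes(path)


def secret_survives_vacuum() -> bool:
    """Same scenario with secure_delete OFF, followed by VACUUM, which rewrites the
    file from live rows only, so the freed bytes are not carried over."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "demo.db")
        _insert_and_delete(path, secure_delete=False)
        conn = sqlite3.connect(path)
        conn.execute("VACUUM")
        conn.close()
        return SECRET.encode() in _raw_bytes(path)


if __name__ == "__main__":
    print("secure_delete=OFF, secret left on disk:", deleted_row_still_on_disk(False))
    print("secure_delete=ON,  secret left on disk:", deleted_row_still_on_disk(True))
    print("after VACUUM,      secret left on disk:", secret_survives_vacuum())
```

The same pattern applies one level down: VACUUM only rewrites the database file, the old blocks on the disk, in filesystem snapshots, in backups and in any copy someone made with debug mode on are untouched, which is the author's point.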
  • A really nice performance optimization post by Julia Evans. - Yep, that's very classic and perfect example, how small changes can make very drastic and actually really meaningful performance change. Quite a classic.
  • Checked out yet another combined encryption & key device called Nitrokey. It promises to secure your digital life and it's made in Germany. One of the most important parts is that its software is open source.
  • There are discussions around the net that OpenOffice shouldn't be used anymore. So if you're still using OpenOffice, it's a good time to boot it and get a great replacement called LibreOffice.
  • PEP 498 approved - That's very nice. I'm definitely going to use that structure as soon as my apps are using Python 3.6. Which won't take too long once it's released and tools like cx_Freeze and pyodbc (x64) support it.
  • Interesting FAT32 fragmenter. I've written an on-purpose fragmenter too, but I've used a bit different and simpler & higher level construction of small file deletion and growing one large file. The way I do it is in a way better, because it works on every file system.
  • That TSA key leak was just funny. Anyway, if there is a widely used and known backdoor already, you could consider it completely insecure. Even if the key isn't known by the public. Everyone who really needs access to those keys will find a way to get it. It's just as stupid as using default credentials, which is a constant problem in ICT. Managing credentials sucks and nobody wants to do it. It's just easier to use the same credentials all the time and everywhere, which is ... Yeah, it is. Well ... That's all folks.
  • Oh, let's add just one more quote. One client said about credentials, it's just so 'impractical'. It's better if there's no security or the widely shared credentials are used everywhere. Business as usual. Making things secure costs time and money, so it's better not to make systems secure.
  • And more work with business model canvas and process flow charts. Figuring out how to provide value proposition, deliver it and monetize it.
  • Windows 10 on Lenovo Miix 2 8" tablet doesn't recognize WLAN (WiFi) networks on channel 13 in Europe even if every setting I found is set correctly. So enraging, because that's the only channel providing good throughput in the business area where there are tens of WiFi networks on every other channel.
  • Had long discussion about system security with a team: How would I attack my own systems from outside with all the insider knowledge I have? Would I do anything differently than when attacking systems without insider knowledge? What about exploiting social hacking vectors instead of technical entry?
  • Get a dog, it's a perfect cover for frequent dead drop visits.
  • Austin Williams notes about OpenBazaar Censorship-Resistant Storage of Ratings in OpenBazaar's DHT - Really nice post and clearly shows how much consideration there has to be made to find the good solutions. Only one major fail can make the whole system totally useless.
  • A university in Finland is researching a new kind of network which would work around service providers. But as I've written several times, mesh networks are a neat idea but also have serious drawbacks. I've written about those aspects several times, not going to repeat myself. (Firechat, Distributed Networking, Mobile Clients, etc.)
  • Un-Google, is it futile? - This is a very good question. Is it futile? I think it's not. I've personally moved all of the key systems I use for private communication to my own server. I don't use Google, Facebook, Twitter or any of those services for things requiring privacy. And if things are considered to be 'secrets', then I'm opting for OpenPGP or S/MIME, as everyone else should too. So I personally went through that process long before the Snowden revelations.
  • Internet of too many things? - You're being watched all the time everywhere, and data about it is being stored for indefinite periods.
  • A technical comparison between SPDY, HTTP/2 and QUIC protocols. - Liked it.
  • CloudFlare says IPv6, HTTP/2, SHA-2. I've personally been there, done that years ago. Nothing new there. Are you still responsible for running legacy systems?
  • CloudFlare's Data Center / POP map starts to be crowded. But there is still free space for at least Laos, Mumbai and Moscow.
  • Checked global economy & investing opportunities, as well as reminded myself about the details of the Baltic Dry Index.