posted Feb 4, 2017, 9:49 PM by Sami Lehtinen
updated Feb 4, 2017, 9:50 PM
- Mirai and IoT security. It's just as expected. And as we all know, it's going to get much worse soon.
- Another long discussion about standards, this is great topic. Here's some random comments about that: When something 'temporary' seems to be working well, it becomes de facto permanent. When that then breaks down, it's required to be repaired in a hurry, so it's likely that it gets fixed with similar solution. - Totally normal loop. If could get then fixed properly, but why bother, when it now works ok again. This is totally normal logic, and you'll see it everywhere you go. It has nothing to do with Internet, ICT or computing in general. Because we also live in changing world, over engineering something is silly. Then you'll end up with 'large corporation' like solutions. Where they'll rent up a building, it's upgraded with all the latest gear and then for some reason it's demolished 6 months later. It's the same discussion like with cell phone durability. What if you would get NASA space engineered cellphone, first it would cost 6k and it would actually last 20 years. But why bother, when you'll anyway replace it every 1-2 years. Or team which spent 3 years optimizing something, which never launched or got used for anything at all. Based on this, I assume all of you guys got a single fiber sockets i all rooms of your apartments installed? - You might not need it now, but it would be good start for high standards. - I do have, and I feel kind of silly. It remains to be seen if those are ever needed as long as I live here.
- You're probably doing DNS wrong - Why make DNS a critical point? Why not have a fall back / backup solution in the application level? - Not all DNS entries are used for web-sites only. If DNS entries are used for applications, also implementing fall back / caching inside application is totally viable way. Use these DNS entries and if these fail, use these IP addresses. - This is something which should be done if the connectivity is important. Some of the backup IPs shouldn't be listed on DNS so if the attacker doesn't know the platform they're attacking well enough, they'll probably miss the services and therefore the DDoS won't cause disruption was it DNS or the servers listed in DNS entries.
- USB standard & Apple - Yay. I've been annoyed by USB standards, connectors and stuff several times. But this is even worse than what I knew about. What a horrible mess.
- Some Hand Held Terminal (HHT) experiments.
- Build vs Buy, generic of specific features, etc. That's really hard decision to make at times. I guess there's no perfect solution and it needs very careful consideration in every situation.
- Just a short list of stuff I've done:
- Consulting, business analysis, implantation, data set up, migration, training, support, integration, project management, product management, all rounder tech guy.
- All round experience: planning, installation, configuration, help desk, software development, reporting, project management, user experience, system reliability, technical sales
- System integration, dozens of integrations from early planning & sales support to extended term production support, 15+ years
- Software tailoring, functional specification requirements as well as exact technical requirement understanding
- Cloud platforms, Server infrastructure, POS hardware, Networking, Database Administration
- Quickly tested Minoca OS and Elementary OS. Maybe more comments bit later.
- A few very long discussions about 'secure email providers'. My personal recommendation is that you should never trust any secure mail provider. It's much better to use PGP / GPG or some proven cryptography and non-SMTP transport. If hiding connectivity / metadata / identity isn't required, only communication security. Then it's easy. Like for business communications etc.