LinkedIn, Passwords, PostgreSQL, Apache2, POODLE, Books, HTTP/2, EU Taxes

posted Oct 24, 2014, 11:41 PM by Sami Lehtinen   [ updated Mar 2, 2015, 6:42 AM ]
LinkedIn is used for Creepy Spying and Tracking.
Doesn't really surprise anyone. If you're using Facebook, Google or LinkedIn or similar Spy services like GitHub, well, that's what you're asking for. If you respect privacy, you should only use services which also respect it.

Yet another weak login authentication, one less password. When will they realize that using a phone number or email address isn't exactly a secure method of logging in?

Really nice post about PostgreSQL internals, not too technical, enjoyable basics.

Improved my server logging, now logs are much better, using Apache2 CustomLog.

Played with curl and some sites which use GeoIP to locate users. In many cases I can inject an X-Forwarded-For header which contains a spoofed IP address to change my location. Nice.
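
The server-side fix for this, as an added example that is not part of the original post: use X-Forwarded-For only when the TCP peer is one of your own proxies, and read it right to left. The proxy ranges and the `client_ip` helper are assumptions made for illustration.

```python
import ipaddress

# Assumption: networks of the reverse proxies this site really runs (constructed values).
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.1/32")]


def _parse(text):
    """Parse one address; return None for anything that is not a bare IP."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer, xff_header):
    """Return the address a GeoIP lookup should use (hypothetical helper).

    peer is the TCP peer address; xff_header is the raw header value or None.
    """
    current = _parse(peer)
    if current is None:
        raise ValueError("invalid peer address")
    # Direct connection: the header came from the client, so ignore it.
    if not xff_header or not _is_trusted(current):
        return str(current)
    # Each trusted proxy appends the address it saw, so walk right to left.
    for hop in reversed(xff_header.split(",")):
        addr = _parse(hop)
        if addr is None:
            break  # unparsable entry: keep the last verified hop
        current = addr
        if not _is_trusted(current):
            break  # first untrusted hop is the client; entries to its left are client-supplied
    return str(current)
```

Sites that take the leftmost X-Forwarded-For entry, or honour the header on direct connections, are the ones where the location changes.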

The Linux NTFS-3G driver doesn't handle volumes correctly? Because chkdsk on Windows shows errors every time after using USB sticks on Linux. "Correcting errors in the uppercase file." So clearly everything isn't being done correctly?

Read this post thoroughly and thoughtfully: How POODLE Happened. It's an excellent description of SSL history, the history of similar attacks, and a technical description of how the attack actually works. Here's the original POODLE paper from OpenSSL.

Many people don't consider indirect passive information leakage as a problem at all. But I do, I'm very aware that everything done online is tracked all the time. Here's a good post about it, if you're not aware of it. 

Refreshed my memory on the difference between MAC-then-encrypt, MAC-and-encrypt and encrypt-then-MAC. This paper sums it up: Authenticated Encryption. It's also recommended to read this: Order of Encryption and Authentication.

Added Bruce Schneier's book "Data and Goliath Is Finished" to my Kindle.

HTTP/2: The Long-Awaited Sequel @ IEBlog. Good information about what's new in HTTP/2.

Fixed some issues with LogRotate, because the latest Ubuntu distribution upgrade caused some issues. Now everything is working just as expected, and as it was working earlier.

Unfortunately I'm still having problems with the Intel+Nvidia display adapter configuration at home. So some of my screens are dead, for now. I don't know whose idea it was, but xorg.conf is still being deleted on every system boot.

Year 2015 brings 2015 taxation changes for European web business in the EU area. How are you going to deal with the new regulations? This article shows how things will be, but what's the best solution? It's a really huge burden to report taxes separately to 28 different countries, which wasn't required earlier. Are there any solutions to this problem for small entrepreneurs? Discussion @ G+. One guy who runs a small website selling electronic goods and services said that this is going to be such a big burden that it's better to quit than deal with it.