Miscom, ACS, Tails, UWP, GCSQL, fstrim, Encryption, WA API, TLS13, Duplicati2, TSX

posted Dec 31, 2017, 2:48 AM by Sami Lehtinen   [ updated Dec 31, 2017, 2:58 AM ]
  • Sometimes it's funny how problems are created and won't get resolved because of bad communication. One example was that people were all looking for an aluminum case. But nobody figured out that it would be a bit smarter to look for the content, not the case. In this case, the case was opened and stored. But the content, which was what really mattered, was in plain view on the table. But still, everyone was looking for the case. That's just ridiculous. Always keep in mind what's essential. Was it the case or the content that was needed? I bet it was the content. They were looking so hard for the case that they didn't find the content, which was in plain sight. - Ridiculous fail. - This actually happens very often, also in other contexts.
  • One access control system stopped working, and it prevented us from accessing the system. The access control manager said that we need new keys. I contacted their technical department and told them that if we need new keys, it's not our problem and they should provide us the new keys. Their answer was that there's nothing wrong with the old keys; it's the access control system software update that prevents the old keys from working, so there's no reason to replace the keys. And then they said that we can order new keys or wait until the access control software is updated again. - Ha, so classic. - The traditional "there's nothing wrong, it doesn't work, and we don't really care" attitude. We were left without a solution. Always remember to claim that it's the fault of some random 3rd party, and that if you want the problem to be fixed, it costs you money. And we won't do anything about it.
  • Tails 2.11 is out, fixing many bugs. Nice!
  • Studied Microsoft Windows Unified Update Platform (UUP) and Universal Windows Platform (UWP). Sounds like a plan, but the actual quality and benefits of the practical execution remain to be seen.
  • Updated several VMs to use the Ubuntu LTS 16.04.2 64-bit server version. The next major update is 18.04, and that will only happen after summer, when most of the serious bugs have been fixed. I might even do a clean re-install of some of the systems which have been running for a long time, to clean up the configuration.
  • Google Cloud SQL (Postgres) - This is awesome. My favorite database, from a big reliable provider, and as a fully managed service. - Neat!
  • Just wondering why fstrim at times exits immediately and says 0 bytes trimmed. I haven't yet found any reason for that. Is it a bug or an optimization?
  • "What the CIA WikiLeaks Dump Tells Us: Encryption Works" - Yes, that's it. As said, there are always ways to bypass encryption, and that's what they're doing. But as said, it might be complex and might also reveal the operation & tools. So it's really far from mass surveillance and mostly used for spying on selected high-value targets. - The usual conclusion: of course we can do it, but is it really worth it? Risk vs. benefit analysis.
  • WhatsApp planning to charge for API access? Laugh! Telegram is already providing a totally awesome Telegram API for free. - So much fail for WhatsApp. Also, Telegram works fine with a browser alone, without the need to install any bloated apps.
  • How TLS 1.3 Improves Handshakes - This is a very welcome addition. Describes abbreviated handshakes for TLS 1.2: session resumption using session IDs, and session tickets, which are stored by the client. TLS 1.3 uses Pre-Shared Key (PSK) mode for session resumption. Zero-RTT (0-RTT, 0RTT) TLS 1.3 handshakes. There's a risk of classic replay attacks, which needs to be mitigated in some cases.
  • Tested Duplicati 2.0 backup software once again. It seems to be absolutely pretty awesome. As soon as it's no longer experimental and is production ready, I'll be replacing many existing backup systems with it. Found out, as usual, that most things aren't documented at all, or are documented extremely briefly. But what's the problem, it's open source. You can always read the source code if you want to know how something works. Afaik, this is better than the usual case, where there's plenty of documentation which is outdated, doesn't list the edge cases and is mostly actually misleading you, just making things harder than they should be.
  • Checked out: TSX - I'm just wondering how many programs use it. Transactional Memory is an awesome way of speeding up not completely parallel tasks. kw: Hardware Lock Elision (HLE), Restricted Transactional Memory (RTM).
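
For the TLS 1.3 item above, an added example (not from the linked article or any TLS library) of how a server can mitigate 0-RTT replay: accept each early-data ClientHello only once inside a short freshness window, and defer state-changing requests until the handshake completes. It is a simplified application-level model; the names `EarlyDataGuard`, `handle_request`, `binder` and `age_skew`, the 10 second window and the safe-method list are assumptions made for illustration.

```python
import time

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # assumption: treated as replay-tolerant
WINDOW_SECONDS = 10.0                      # assumption: early-data acceptance window


class EarlyDataGuard:
    """Accept each 0-RTT ClientHello at most once inside a short time window."""

    def __init__(self, window=WINDOW_SECONDS, clock=time.monotonic):
        self.window = window
        self.clock = clock
        self.seen = {}  # PSK binder -> time it was first accepted

    def accept(self, binder, age_skew):
        """binder: per-ClientHello value; age_skew: client vs. server ticket age (s)."""
        now = self.clock()
        # Forget binders older than the window; freshness covers them from here on.
        self.seen = {b: t for b, t in self.seen.items() if now - t <= self.window}
        if abs(age_skew) > self.window:  # stale or delayed ClientHello
            return False
        if binder in self.seen:          # identical ClientHello already accepted
            return False
        self.seen[binder] = now
        return True


def handle_request(guard, method, binder, age_skew, in_early_data):
    """Return 200 if processed, 425 (Too Early) if it must wait for the handshake."""
    if not in_early_data:
        return 200                       # normal 1-RTT data is replay protected
    if method not in SAFE_METHODS:
        return 425                       # never run state-changing requests in 0-RTT
    return 200 if guard.accept(binder, age_skew) else 425


if __name__ == "__main__":
    guard = EarlyDataGuard()
    # Constructed sample traffic: (method, binder, age_skew, in_early_data)
    for req in [("GET", b"b1", 0.2, True), ("GET", b"b1", 0.2, True),
                ("POST", b"b2", 0.1, True), ("POST", b"b2", 0.1, False)]:
        print(req[0], req[1], "->", handle_request(guard, *req))
```

In a real deployment the binder and ticket-age checks live inside the TLS stack, and the HTTP layer only sees whether a request arrived as early data.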