Mobile Payments, HTTP/2, Dark Market, Dark Web, Cyber War & Terrorism, GAE, Done, Information War

posted Oct 17, 2015, 11:55 PM by Sami Lehtinen   [ updated Oct 17, 2015, 11:56 PM ]
  • Worked with one Mobile Payment Application integration project, I'm expecting it to be quite a hit in Finland. - Can't tell any details right now. But well, I guess it'll be marketed with high visibility, when it's out. Whatever it is.
  • Studied Apache mod_h2 [HTTP/2, h2, h2c] module documentation.
    It's interesting to follow which sites use HTTPS, which use HTTP/2 (h2) and which got the old SPDY enabled. kw: h2c direct, curl, nghttp.
  • Carefully studied The Hidden Data Economy - The Marketplace for Stolen Digital Information (PDF, 19 pages) - This is where your data ends up, after it has been stolen? Well, it'll be probably sold to someone who can make more money out of it than you could. - Cyber fraud, dark market, internet underground, login credentials, cyber criminals, cyber terrorism, stolen credit cards, stealth bank transfer, identities, financial data, cyber crime as a service.
  • I'm going to watch a four hour long series of lessons about Cyber War and Cyber Terrorism soon. I just got the fresh video files from a friend working in the industry. I guess I'll be blogging a few things about that in future.
  • Also plunged into the deep web (Tor / Dark Web) to see if there's anything especially interesting, yet I didn't find anything worth looking around. It's usually quite slow to find interesting stuff and I don't have time or resources for that. Yet one of my friend's projects will probably use Tor Exit Enclave to provide secure and anonymous access to the site.
  • My comments to the never ending Nginx vs Apache discussion: "Nginx got its own limited set of features. It won't run some stuff internally, instead it works as reverse proxy. Apache is much more versatile with its countless modules. I've been using both, and currently I'm using Apache due to exactly this reason. is also a good thing to keep in mind, if you're looking for fast load balancing proxy. Also you might not need high 'static file serving performance' if you're using caching CDN. You're basically off-loading one layer of your stack to CDN."
  • Efficient use of asynchronous operations in Google App Engine - Nice blog post about how to utilize database transactions, tasklets and deferred tasks. Nothing new, all very generic stuff as means and as a problem. But this is of course a very GAE platform specific thing. kw: tasklet, deferred task.
  • Hostile Email Landscape - Email used to be an open and free system, but it isn't anymore. Because everyone new trying to enter the circles is being treated with a pretty hostile and unwelcoming attitude. If you're an email system administrator, or have tried to deliver email to most of the large cloud systems, I'm pretty sure this is no news to you. - I'm self hosting my own email system too, for privacy, as are many of my friends.
  • "Done is better than perfect" - This is the attitude I like. Doing something perfectly is usually a very bad idea. Especially when you don't actually know what the perfect is. It's just some kind of illusion in your head which you got. Did you get enough feedback from customers to make it perfect? Well, of course not, because you haven't been telling them what you're doing, because you'll only release your project when it's perfect.
    Release early, gather feedback, iterate, learn, lean! - That's what I've been doing with all of my projects and recommending to friends too. As well as tight communication with the customer on every step. Instead of postponing it for years, until it's perfect. - Also it's very important to find out who your customers might be, they can provide valuable feedback based on business / service / product concept alone, what they would need and expect from it.
    If you do all that stuff in secret, you'll get mentally crushed by customer feedback when they tell you it's nothing they want to use / have. Customers also usually like if they get some kind of reasonably costly solution, making perfect will cost 10-100x more and if it isn't even what they need, well, that's not a nice situation to be in.
  • I've been helping a friend with his interesting side project. No more about that, but we've set up a few servers for testing and staging. Production servers haven't been ordered yet, but it's an interesting project. I really wish very much good luck for my friend with this challenge and hope he'll do well with it. It's his first commercial website so there will be challenges to tackle in future too.
  • Enjoyed reading: Internet Troll, Ad hominem, Black Propaganda, Gray Propaganda
  • It's also important to make separation between disinformation and misinformation. Sometimes carefully crafting very informed disinformation can be just really fun. Providing 'accurate' disinformation can be also very efficient method of counterintelligence and information war. There has been some news in Finland about Russia engaging in active information war, disinformation, propaganda. But it's hard to say if it's state controlled or just a bunch of activists having some fun. Also see underground computer groups and cyberterrorism. There are quite many sites providing politically incorrect content and I'm not now referring to the US TV show. I'm just wondering as disinformation and counterintelligence, I wonder if it would be fun to 'leak' highly sensitive documents, which would be of course complete fraud and carefully crafted by experts to look like real stuff. But the actual target is just to FUD the rest of net users and potentially cause resource consumption and wasted effort kind of attack via making things look insecure and causing them to waste resources because of fabricated threats. Would they do such things? I guess they would.
  • Reminded myself about Thermobaric aka air fuel bombs / weapons, Russian Heavy Rocket Launcher TOS-1 Buratino.