Blog‎ > ‎

NaCl, Cyber Crime, Compiling, Depedencies, Breaking Changes, Error Messages, Software Fail, CIIP

posted Apr 18, 2016, 8:33 AM by Sami Lehtinen   [ updated Apr 18, 2016, 8:33 AM ]
  • Had some issues using NaCl, had to recompile it after trying to upgrade python version and installing pynacl using pip.
  • Europol Cyber Crime Prevention Advice - Good basic list of things to do. National Cyber Security Centre Finland (NCSC) also got it's own list of recommendations. European Cyber Crime Center EC3 - Combating Cybercrime in a Digital Age.
  • Thank you LinkedIn for LinkedIn Premium Spam. - No thanks, where I can click not to receive any more spam?
  • NTFS - Still like aww, why no file level snapshotting. It would solve some of my problems.
  • Snort - Network IDS or NIDS and at Wikipdia for lighter approach.
  • Had my fair share of fun recompiling python and libsodium and resolving all the dependencies, also finding out that some pip installations fail, because bzip2 isn't compiled in and it isn't compiled in because libbz2-dev is missing and. Yeah. Got it done, but it was a mess. I wonder why some other developers & admins have been also having some fun with Linux dependencies. There's even XKCD 754 about this mess. To make that work, you need clojure and then you need python and ruby and perl and oops, wrong version and then some lisp and. What? We don't have rust yet installed, ok... What next, let's add some java and go. Actually I'm still missing at least Fortran and Pascal. Ok, now we got only UCS2 support, let's add UCS4 support and recompile. Hmm, joy. But nothing beats the one and only POSIX C. Actually any of my linux servers do not yet have mono installed, I definitely need to add some .NET code. - Some project also needed newer Python so I had to compile 2.7.11 from scratch. It also had some dependency issues, but I got it all sorted out. So much fun, oh boy.
  • I just love projects which do more or less random breaking changes weekly. Then when you need to update something, you'll end up with totally debilitating amount of things to fix. In best case, you do this daily, and spend a few hours / day fixing new issues. But sometimes the issues created are so bad that you can't even get your things fixed fast enough to keep up with current version. This is what I've heard from a few guys with WordPress project. Things keep seriously breaking down faster than you can fix those. Growing maintenance is just like churn with SaaS business (or any other business). You're not growing even if you would get million new customers per day, because you're losing as much or even more. So when software maintenance takes more resources than you've got, then developing anything new becomes quite hard. You're just lucky if that barely (or somewhat) works which you've already got.
  • About error messages, if I disconnect network drive or USB stick or remove external harddisk. Notepad++ says 'file is open in another program'. Which is a lie. When developers learn to give informative error messages which aren't misleading lies? Art of giving error messages is, well art. Usually error messages are just exceedingly bad or total lies and misleading. But I'm sure that's not news. Just take a look at that my fight with python recompilation whine just a few bullets above this one. 'Not found' but 'why' is missing.
  • Sometimes it feels that world is only full of *t software. But yeah. That's pretty much true. Everything is broken or horribly broken or absolutely catastrophically failing. In that sense all those security talks I've been listening sound pretty ridiculous. If the question is that does it work at all, it's kind of silly to ask how secure it is. It's just like going to war hospital and asking from a guy who's both legs has been just amputated and he's narrowly escaped death, if he's going to make next Olympics hurdling. I would think it's rather pretty distasteful trolling.
  • Hmm. This post seems to be quite negative. Of course there are great things too, when you get stuff to work after all this trouble it's great. But the question is why there was all this trouble in the very first place.
  • Carefully studied national critical infrastructure protection (CIIP) and risk report 2015. I'll blog more about that bit later.