posted Jul 20, 2015, 10:17 AM by Sami Lehtinen
updated Jul 20, 2015, 10:44 AM
- I just so much agree with this No Estimates concept. Because truth is that estimates are usually horribly wrong and not counting multiple factors. As well as so many of the details are missing that estimate is really a complete guess.
- UK is again considering banning of encryption. This is strange trend. Don't they realize how much it can harm economy? Yet it won't be a problem for people who are willing to use encryption even if it's illegal. You'll just need to camouflage it so it isn't obvious. Crypto Wars are back - Should all encryption contain backdoor so it can easily be decrypted if required?
- Had extensive discussions about international trade and business arrangements with a few friends.
- Telegram was under massive 200Gbit/s DDoS Attack. Attckers were using Tsunami SYN Flood.
- Checked out new contract schema drafts for OpenBazaar .
- Also studied pre-existing schemas at schema.org - I love standards, but I always want that the standard is extensible. Most of standards really aren't in any easy way. Does unknown field cause an error or is it silently ignored? Well, if it causes process to fail, it's not extensible, because you're creating new standard for adding something simple into old standard.
- I like standards really, but I also acknowledge the need for extensible standards. Especially in cases where quite simple things are being done using some heavy standard is a good example when I don't like standards too much. In such case studying standard can require a lot of time, there can be several complex traps in the standard as well as the implementation being build probably shortcuts most of the standard. Then you have a 'standard' solution with extremely limited functionality which causes errors when anyone with fuller implementation tries to talk with it.
- OpenBazaar DHT and long term data storage: All data stored in distributed network / DHT should have TTL as well as most probably re-balancing (republishing) at quite rare intervals. These are the things I've been tuning with GNUnet guys back a long time ago. Originally they didn't have any expiry and it was bit strange, only new nodes stored new data as old nodes were full of old data. Duh! Yet this is the case where potential spam / flooding can get really dangerous and problematic, potentially hindering functionality of whole network for extended period.
- What's new in uWSGI 2.0.11 - No HTTP/2 - support yet. I guess they haven't figured out what's the best way of doing Server Push.
- Firefox starts to block Flash as default (Until most serious vulnerabilities are fixed). Yay! It has been causing so much security trouble. Now it's a must to start using HTML5 instead of Flash. Everyone has recommeded this for years, but well, u know, people and organizations are really slow making changes until they have to.
- Reminded my self about QAM, OFDM and SSB. Interested? See modulation @ Wikipedia that's a good starting point.
- Checked mobile power consumption 3G vs 4G on in my typical usage environment. Difference is really small, and 4G speed and low latency makes things nicer so it's a win for 4G (no surprise there).
- Frawned once again about security procedures (total lack of those). Everything is installed and configured randomly and not even fixed in case there are reports of serious misconfiguration.
- Well how's that different from Adobe Flash issues? Well it isn't. Who cares if there are serious exploits or bugs. If there's no widely used exploit for those, it doesn't matter. It only matters when it's actually happening, before that it's only theoretical threat.
- Reminded my self about Paravirtualization.
- Studied Google's Eddystone and their Blog entry about it. It's a flexibe iBeacon replacement. Also see Electric beacon. This is also a concept which could bring new business to small startups dealing with those. The Eddystone's telemetry frame (Eddystone-TLM) is also very interesting from this aspect when combined with Beacons Diagnostics. It's really nice that the Eddystone supports URL beacon instead of UUIDs alone. Problem with UUID is that for most of people it really doesn't mean or represent anything at all. UUID is about as useful as MAC address of WiFi base station. It can be meaningful to you, but in most of cases, it just doesn't mean anything at all. There are also some encrypted frame types like Ephemeral Identifiers (EIDs). It's also good to knowledge related technologies like Weave, Thread and Brillo all of this also realtes to Internet of Things (IoT).
- Checked out AltBeacon. Read the AltBeacon protocol specification and frame type. Yet AltBeacon is super simple and only sends really short UUID making it also as useless as iBeacon is without external database. Useless? Well, I just now got 6415712610302 in my hand. Of course you should know what it is!
- Reminded my self about Bluetooth Low Energy (BLE).
- Also checked out Google's Physical Web project. Yet it's merging to use Eddystone technology. I also love the concept, because I personally would prefer almost always HTML5 application over native application. I just hate installing tons of junk on my phone, when I really rarely need those. Using a properly designed HTML5 website, when I need one would be a lot better option.
- Frowned to Microsoft, I guess they're working hard to make things as annoying as possible. Running CleanMgr.exe is really annoying on 2008 R2 or 2012 R2. I think Windows is even harder to use than Linux. There's absolutely no user friendliness what so ever, they've made it about as annoying and complex as it can get. I just posted one solution to the problem here.
- Read some deliciously enjoyable stuff like: Potato paradox, Ham sandwich theorem, Pizza theorem, Pancake sorting, Fair cake cutting
- Checked out Socket.io and PeerJS for efficient P2P direct in browser JSON utilizing WebRTC communication without needing to pass data via server.
- Checked out OpenBazaar contract types: Physical Goods, Digital Content, Services and process flow charts for Physical goods (flow), Digital content (flow), Services (flow) - Getting a contract expiry is a great thing. There's also a new way to host images ant vendor's node. Which probably means that there will be some kind of new API call to fetch data in case data can't be fetched directly over HTTP. I also want to get the data so that it doesn't need to be refetched when contract is refreshed, so the image data can remain static, even if other parts of the contract get changed. Also the process used to encrypt address using XOR and nonce makes me think, but no conclusion yet. I have to find out why this is being done. I heard that they got cryptography professor, I hope it helps!
- OpenBazaar is generally very interesting project. Networking, P2P, DHT, Reputation management, Transaction Ratings, Python, OpenPGP (PGP), E-Commerce, Encryption, Digital Standardized Ricardian Contracts using contract type based schema, BitCoin, Multisignature (multisig), Escrow, Moderators, ECC, Cryptography, Semantic data, Digital signatures, Cryptographic hash, JSON, databases and all that stuff, Financial Power combined with global free P2P trade! Connecting vendors and buyers around the world. Minimizes personal identifiable information (PII) leak yet provides strong identity using GUIDs, metadata, network data. This is exactly the kind of project I've been looking for several years and have been wondering why nobody sees the potential for it!
- Checked out a Passcard - a Bitcoin based identity and authentication solution. Ok, I had to register too. Here's my Onename profile.
- Reminded my self about DNS Glue Records and circular dependencies.
- Had not so fun with DISM and Windows Servers. It's huge mess with bad instructions & documentation. I would really like to cleanup winsxs from all uncesessary junk, with Windows 2012 R2 it's reasonable, but with 2008 R2 I can't find similar commands? It seems that the things work differently with every WIndows version, hor annoying is that?
- Reported a few seriously bad IPv6 routing issues to corresponding NOC's (Funet.fi, Nordu.net, OVH.net)
- Studied Google's Disaster Recovery (DR) Planning Guide and Cookbook.
- Now when IPv4 addresses are running out it's interesting to see traffic from IPv4/8 addresses where you never used to see traffic earlier like 1. 2. and 5. I actually got severs my self in 5. which use to be 'used by Hamaci' because nobody uses it. Smile.
- Launched a poll in IT Professionals group, if you use SLAAC, DHCPv6, Static/Manual or some other method to configure IPv6 addresses.
- It seems that it's hard to get for some people that when IPv6 starts to be used, and no IPv4 is being used, they have to start using IPv6 too, there's no other way to get things to work. Even if they still got 'enough addresses' behind their NAT. Smile.
- I don't know if it's really necessary so often, it seeems that my home network triggers ICMP6, neighbor solicitation, ICMP6, neighbor advertisement for all IPv6 addresses every minute.
- From my G+ post: " Well DHCPv6 doesn't always help with audit, because in some cases it won't help compared to SLAAC at all. Unless there's some additional authentication layer, it's really hard to get any information who's using which address and logs won't provide enough information. Even if logs would contain MAC you can naturally trivially change it.
This is the area where many things need to be changed before things work out really well out of the box. Well, ok, not all DHCPv4 servers neither log mappings nor traffic, so that's not a new issue either.
You can also log NDP traffic when using SLAAC and gain basically same information you would get from (working) DHCPv6 logging. "
- And " Full port security was also first thing come into my mind, but that's pretty expensive solution. Most of networks do not require that kind of security. It's just enough that's some way to detect users. It's also interesting to see what kind of problems arise from network filtering or lack of it. I've already noticed that filtering MLD causes loss of connectivity at some cases and well of course not filtering some messages has similar results if someone just purposefully injects those to network like rogue RAs.
- I remember good times when you could bring major systems down by hijacking just IP on switched large network or running rogue DHCP server. Smile. "
- What's the difference between LAN and WAN in future, none? 'LAN, service provider is often responsible for WAN. But because we're talking about the Internet, why you should have lan, you can just bridge WAN to make it a LAN. same stuff, no router needed, just a switch. In many environments I don't have separate 'LAN' at all, it's just switched Internet and depending where packets are going those go to LAN or WAN.'
- Studied UHV power transmission in China.
- Debugging one network with tcpdump required me to refresh my memory about RA MO flags.
- Quite nice and a simple post how backpropagation works on neural networks. A good read if you haven't ever really thought about it.
- Glanced OpenBazaar Docs Documentation site. - There's a ton of stuff which I have to study later, it's all so good stuff.
- A nice Infographics by BBC about Artificial Intelligence.
- Once again thought why we do not yet have universal strong identity for ehh, for lifeforms (I said universal). Ok, let's say for humans. Many people are using IBAN it shouldn't be impossible to provide a global strong identity for people. Issued by governments.
- Just a post how to learn data science. It's a guide basically, how to get started. I personally couldn't agree more.
That's how I often get things done. I pick interesting topic and then I
create related project. To get my stuff done, I'll have to learn how to
get it done. keyword: learn by doing.
Back log is still building up. I'll really need to create one what I did during the summer dump.