Null, Locking, Payments, Cyberwar, G-code

  • Finally encountered a data format where "Null" as a string and an actual null as no value aren't different in any way. Isn't this a legendary meme subject with developers? Now if someone uses the value Null in the data structure, it'll be interpreted as being null. Duh. First time ever I've seen this in an actual production data / environment. I've always laughed at those jokes as being kind of childishly stupid. Like Little Bobby Tables from XKCD. The reason for this is that the parser they're using can't handle empty values at all, and strings aren't quoted in any way. Therefore something like "" or '' won't work. Nor can they use \x00 or something else. They've just chosen to use the string "Null". Btw, I wonder why people use \x00 when \0 would do just as well for producing a null byte.
  • Digital locking is just a big joke. Broken in different ways day after day. Systems fail, crash, are misconfigured, etc. Legendary. So much industry lies and disinformation. And also yet another reason why there's always a mechanical bypass for these elitist locking systems. Which is kind of funny. Because now the systems can be attacked in two different ways.
  • Read the book: "Mobile Payment Systems - Secure Network Architectures and Protocols" in the category of Computer Communications and Networks. ISBN 978-3-319-23032-0 / ISSN 1617-7975. I'm pretty happy when I can say that it didn't contain anything new to me. - That's the way of knowing, you'll know pretty much already. Yet, this is a very nice summary in case you're not familiar with this field, terminology and technology.
  • Worryingly, some payment protocols do not even have proper replay protection. I've seen several. It doesn't even require a replay; it's enough that the message processing times out and the transaction is retried. This might easily lead to double issuing something, because the replay protection / transaction identifier is missing from the token. It's just like Grand a Thing. There's nothing to differentiate retransmissions and retries from an authentic new request. So bad design. I did report this and asked for a fix, but nobody seemed to care a bit about this. Business as usual, which will probably backfire later.
  • Worked with one customer which has extremely tight security policies. I liked it, even if it makes some simple tasks much harder and slower to accomplish. It also means that their systems are actually quite secure, compared to the normal "null security" approaches used by most businesses.
  • Yet another reason for using IPv6: CGN IPv4 NAT can cause serious privacy issues. kw: cgnat, RSIP-NAT
  • Watched Cyberwar documentary series season 1. Nothing surprising, I think I knew all of the cases before watching the series. There were a lot of obvious things and no surprises. I guess X-files said it already, trust no 1. Even if they don't do it intentionally they can help someone inadvertently.
  • Spent lots of time working with raw G-code for a 3D printer, because there were some issues and I wanted to bypass certain functions automatically performed by Slic3r.
  • Checked out ShadowSocks. One nice alternative to VPN. Secure tunneling using the SOCKS5 protocol with encryption extensions.
  • It seems that the OpenBazaar-Go server is leaking memory when it runs for days under severe load. Not much, but it's still a leak. It would be quite recommended to restart the process daily or every few hours, instead of keeping it running until the system runs out of RAM. Of course, the memory leak is quite static, so having plenty of swap can alleviate and delay the problem for days. But still, it's not a pretty solution.
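
The double-issuing problem from the payment-protocol note above, as an added example that is not code from any of the protocols mentioned: one request is delivered twice (timeout, then retry) to an issuer whose token has no transaction identifier and to one whose token carries a `txn_id` under the MAC. The field names, key and classes are assumptions made for the illustration.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed sample key, not a real secret

def mac(fields: dict) -> str:
    """HMAC-SHA256 over the canonical (sorted-key) JSON of the fields."""
    body = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(KEY, body, hashlib.sha256).hexdigest()

def sign(fields: dict) -> dict:
    """Client side: wrap the fields and their tag into a token."""
    return {"fields": fields, "mac": mac(fields)}

class NaiveIssuer:
    """Token carries no transaction identifier: every delivery is issued."""
    def __init__(self):
        self.issued = 0
    def handle(self, token: dict) -> str:
        self.issued += token["fields"]["amount"]
        return "issued"

class IdempotentIssuer:
    """Token carries txn_id under the MAC; a retry returns the stored result."""
    def __init__(self):
        self.issued = 0
        self.seen = {}  # txn_id -> (mac, result); must be durable in practice
    def handle(self, token: dict) -> str:
        if not hmac.compare_digest(mac(token["fields"]), token.get("mac", "")):
            return "rejected: bad mac"
        txn_id = token["fields"].get("txn_id")
        if not txn_id:
            return "rejected: missing txn_id"
        if txn_id in self.seen:
            first_mac, result = self.seen[txn_id]
            # Same id with different content is a conflict, not a retry.
            same = hmac.compare_digest(first_mac, token["mac"])
            return result if same else "rejected: txn_id reuse"
        self.issued += token["fields"]["amount"]
        self.seen[txn_id] = (token["mac"], "issued")
        return "issued"

def demo():
    """Deliver one constructed request twice to both issuers."""
    naive, safe = NaiveIssuer(), IdempotentIssuer()
    naive_tok = sign({"account": "A1", "amount": 10})
    safe_tok = sign({"account": "A1", "amount": 10, "txn_id": "t-0001"})
    for _ in range(2):
        naive.handle(naive_tok)
        safe.handle(safe_tok)
    return naive.issued, safe.issued  # amount issued by each
```

The identifier only helps if the client generates it once per logical transaction and reuses it on every retry, and if the issuer's record of seen identifiers survives restarts.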

2019-02-17