posted Sep 29, 2015, 9:00 AM by Sami Lehtinen
updated Oct 2, 2015, 8:58 PM
- Read: Suomi.fi-palveluväylä - Finnish Service Channel (Enterprise Service Bus (ESB) aka X-Road) Development environment - Security Server installation requirements document - I've been following this ESB / X-Road project very closely. I might need to work with it in the near future. Kw: Ubuntu, central security server, CA service, TSA service, X-Road software, PPA, keyserver, DNS, NTP, Information System, Certificate Authority, Time Stamp Authority
- Really nice Python & Database related post with many links by Charles Leifer.
- Nothing new, but just an excellent presentation about Statistics for Hackers.
- Sometimes launching hobby projects can be really miserable. Here's one sad story: "The toxic side of free. Or: how I lost the love for my side project" - I hope my side / hobby projects won't end up like it. Yet I love his attitude: anonymous services without crapchas and other stuff to hinder users. That's usually what I want to provide too. As simple and sleek a service as possible. Get done what you want to do. No extensive sign-up stuff and several pages of bs about how great our company and service is without even telling what it's doing. I've seen plenty of those sites, and I simply can't stand such junk. There are several services where it's almost impossible to find out what the real function of the site is, except that they're just so super cool.
- Studied draft documentation 'Digital Assets in OpenBazaar', which allows anyone to sell 'digital goods' online globally. - I'll be posting some thoughts and notes later.
- GNU Taler - Electronic payments for a liberal society! Actually this is just like other electronic money systems: the Mint is the key, the rest of the system is open source. So yes, why not, this could be the open future for existing currencies. This is not a competitor to Bitcoin. kw: Taxable, Anonymous, Libre, Electronic, Reserve, RESTful, Free, Efficient, Secure, Convenient, Stable, Fast, Ethical, Security, Transactions, Payments, Pay, Transfer, Money, Currency, Economy, Trade, Taxation, Receipt, Free Software (FOSS), Open Source, Integration, Integrate, Web Payments, Electronic Coin / Money Mint Financial Services and Reserves, GNU, technology.
- Stored tons of network metrics data to sites hosted in Germany before the C-Lion (Sea Lion?) cable is being used. I'll be making the same measurements after the cable gets connected and write a nice post with analysis & comparison about how much C-Lion improved the network connectivity. Three service providers in Germany and three in Finland were used to collect the data.
- Mooltipass password storage / USB authentication device. - I think all those extra features and customizability actually make it vulnerable. It's too high-level and cool an implementation. Basically security devices should be as simple as possible. Any extra will just make the attack surface a lot larger and the device much more expensive.
- This is a cool toy, and not designed for real security use.
- Laughed at laughable security once again. Basic things like firewalls seem to be above the understanding of most technical people. It's just such a common occurrence that systems are repeatedly configured insecurely. Even after 100 nags, someone will fix it, lazily, if they care enough. Then after a while settings are again reset to insecure values and that just goes on and on. All those talks about security, lulz, because the truth is that things being secure are just an accident. Insecurity is the default norm for all systems.
- Brotli compression is again being discussed. I last wrote about it about two years ago. Yep, it's always nice to get better compression codecs. Brotli is lossless compression and not lossy like most video and audio codecs. It's a variant of LZ77, so it's not that different from LZMA and others. Here's the latest Brotli specification draft. And here's a comparison with other compression algorithms and with different data sets. Of course there's also snappy if you're looking for super fast light compression. It's a good idea not to forget zstd if you're looking for fast compression. You could think there's a single best compressor? That's wrong, check out this site and you'll get more information than you might have wanted to: Squash Benchmark.
- Checked out Backblaze B2 Cloud Storage - I like it, it's a lot cheaper than Amazon S3, Google Cloud Storage or Microsoft Azure. Nice cloud data bucket storage as IaaS. Also checked a post about their DC even if it's already old news. I just wish they would provide a European Data Center for European clients. It would have been nice if its API were Amazon S3 compatible. I also studied their RESTful API documentation. Buckets, SHA1, Unicode (UTF-8), Checksums, versions, MIME, Python. Played a little with their Python pusher. Actually I would love to see projects like Duplicati including B2 support. Yet the B2 API requires the SHA1 of the file being uploaded, which with large files means that the file has to be read twice from disk, adding extra I/O load. It would be nice to be able to avoid that, because the API already works over TLS, which does contain checksumming and protects data in transit, and TCP already has a CRC, which is pretty much useless if there are high error rates. Anyway, double checking data still requires double CPU & I/O. I also got confirmation that they're not planning to enter the European market anytime soon. I think it's still ok to use their services, but all data should be separately encrypted.
- OpenBazaar main site is now redesigned. Nice face lift to that old placeholder page.
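
The I/O cost described in the Backblaze B2 item above, as an added example that is not code from this post or from Backblaze: hashing before upload reads the file twice, while hashing as the uploader consumes the body reads it once. `CountingFile`, `HashingReader` and `fake_upload` are hypothetical names, the input is constructed, and the one-pass variant assumes the receiving side can accept the digest after the body.

```python
import hashlib
import io

CHUNK = 64 * 1024
SAMPLE = b"constructed sample data\n" * 10000  # constructed input, 240000 bytes


class CountingFile(io.BytesIO):
    """In-memory stand-in for a file on disk; counts the bytes read from it."""
    bytes_read = 0

    def read(self, size=-1):
        chunk = super().read(size)
        self.bytes_read += len(chunk)
        return chunk


class HashingReader:
    """Feeds every chunk the uploader reads into SHA-1 on its way through."""
    def __init__(self, fileobj):
        self._f, self.sha1 = fileobj, hashlib.sha1()

    def read(self, size=-1):
        chunk = self._f.read(size)
        self.sha1.update(chunk)
        return chunk


def fake_upload(body):
    """Hypothetical uploader: drains the body in chunks, returns bytes sent."""
    return sum(len(c) for c in iter(lambda: body.read(CHUNK), b""))


def two_pass(f):
    """Hash, rewind, upload: digest is known before the first body byte."""
    h = hashlib.sha1()
    for chunk in iter(lambda: f.read(CHUNK), b""):
        h.update(chunk)
    f.seek(0)
    fake_upload(f)
    return h.hexdigest(), f.bytes_read


def one_pass(f):
    """Hash while uploading: digest is only known after the last body byte."""
    reader = HashingReader(f)
    fake_upload(reader)
    return reader.sha1.hexdigest(), f.bytes_read
```

Both functions return the same digest; only the byte count read from the source differs, which is the extra disk load on large files.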