posted Apr 1, 2017, 8:27 PM by Sami Lehtinen
updated Apr 1, 2017, 8:27 PM
- So, the traditional fail: leaving everything visible on the desktop and in the email client when sharing a screen to give a presentation. No, you really can't do that. I wouldn't buy anything from a provider which does that. It's such a massive security fail that it can't be tolerated. Yet this happens quite often. Every time someone makes this silly mistake, I'll immediately take a screenshot, so I can review in peace what information got revealed. - A very easy way of collecting information which you weren't authorized to access, or which wasn't meant to be seen or known by you. OpSec fail.
- Compared US 4G / LTE operators for a friend in Los Angeles. It seems that the network performance there often isn't nearly as good as it is in Finland. The available options are also much more expensive, especially if you're looking for unlimited data.
- Had a long discussion about how Google Cloud Storage buckets and B2 storage buckets can be mounted as a file system on Linux using FUSE and suitable software. Tried both and it works well. Yet it's good to acknowledge that there's major overhead and performance isn't going to be great.
- Interesting article: OpenBazaar Truly Free Trade Through Crypto. It's awesome that there are more and more distributed p2p platforms which do not rely on central server(s) and aren't controlled by one closed, profit-making organization. Blockstack is mentioned; I'll need to read more about this subject. Another interesting post: Can Bitcoin and Multisig Reduce Identity Theft and Fraud?
- Still about flash and random writes. I cloned one git repository with around 10k objects, in total only 2 megs, to a flash stick, and the sync operation took more than 6 minutes after git had finished. Write caching often masks the true latency of flash writes.
- A good joke: the S in IoT stands for Security. Hahahah.
- Had long discussions about project management, coordination, team communications, etc. It's always as fun as ever. Same topics, over and over again. Nothing new.
- One application was crashing so often that it was easier to create another application which restarted the first one whenever it crashed. - Wow, that's really state of the art development. - Yet this seems to be an industry-wide standard solution.
- Studied the mPOS tracker by Pymnts. Very nice issues and good reading.
- Had more interesting discussions about helpdesk. Should helpdesk care about matters which are deeper or systemic problems, or do they only deal with fire department matters? Let's say that system X is crashing several times a week. Is it OK if helpdesk just restarts the system, and then it's "fixed"? We all know darn well that it's not a fix or a solution; it'll happen again soon. What about thinking a bit deeper, even acknowledging that this is not a fix, and trying to find the real problem? And now I'm not talking about digging really deep for the true root cause, just looking a bit deeper to see what's behind the issue, and not completely ignoring the fact that there is a deeper issue somewhere. - Just a generic question: who's responsible for what, and how are things escalated forward correctly?
- Unencrypted doesn't mean unauthenticated; those are separate things. It seems that people often confuse these. Also, encrypted doesn't mean authenticated. Also, authentication can be just connection authentication, and it doesn't mean that the payload would be authenticated using a MAC, signature or similar cryptographic means.
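As an added illustration of that distinction (example code written for this note, not from the original post, using only the Python standard library and a constructed toy keystream cipher): the same one-bit change in transit is caught by an HMAC over a cleartext payload, goes unnoticed when the payload is only encrypted, and is rejected again once the ciphertext itself is authenticated (encrypt-then-MAC).

```python
import hashlib
import hmac
import secrets
# Constructed teaching example, not code from the original post. The "cipher" is a toy
# keystream (HMAC-SHA256 in counter mode) used only to show that confidentiality without
# a MAC gives no integrity. Real systems should use a vetted AEAD such as AES-GCM.

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = [hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]

def encrypt_only(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Confidentiality only: XOR with the keystream. Decryption is the same call."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def mac_tag(key: bytes, data: bytes) -> bytes:
    """Authentication only: an HMAC over a payload that may well be cleartext."""
    return hmac.new(key, data, hashlib.sha256).digest()

def mac_ok(key: bytes, data: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, data), tag)

def decrypt_authenticated(enc_key: bytes, mac_key: bytes, nonce: bytes, ct: bytes, tag: bytes) -> bytes:
    """Encrypt-then-MAC: refuse to decrypt unless the tag over nonce+ct verifies."""
    if not mac_ok(mac_key, nonce + ct, tag):
        raise ValueError("authentication failed")
    return encrypt_only(enc_key, nonce, ct)

def tamper(blob: bytes, offset: int) -> bytes:
    return blob[:offset] + bytes([blob[offset] ^ 0x01]) + blob[offset + 1:]  # one bit changed in transit

def demo() -> dict:
    enc_key, mac_key, nonce = secrets.token_bytes(32), secrets.token_bytes(32), secrets.token_bytes(16)
    msg = b"transfer 10 EUR to account 42"  # constructed sample payload
    # 1. Unencrypted but authenticated: anyone can read it, but the change is caught.
    tag = mac_tag(mac_key, msg)
    cleartext_detected = not mac_ok(mac_key, tamper(msg, 9), tag)
    # 2. Encrypted but unauthenticated: the flipped bit decrypts without error to a different amount.
    ct = encrypt_only(enc_key, nonce, msg)
    altered = encrypt_only(enc_key, nonce, tamper(ct, 9))
    silent_change = altered != msg and len(altered) == len(msg)
    # 3. Encrypted and authenticated: the same tampering is rejected before decryption.
    tag2 = mac_tag(mac_key, nonce + ct)
    try:
        decrypt_authenticated(enc_key, mac_key, nonce, tamper(ct, 9), tag2)
        etm_detected = False
    except ValueError:
        etm_detected = True
    return {"cleartext_detected": cleartext_detected, "silent_change": silent_change, "etm_detected": etm_detected}
```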
- Bruce Schneier: 'The internet era of fun and games is over' - IoT is and will be a major security headache in the future. It's also nice to watch Mr. Schneier while Dr. Fu is talking: Understanding the Role of Connected Devices in Recent Cyber Attacks.
- The UK uses funny terms like "Equipment interference". I'm sure you can guess what that practically means. Anyway, they managed to create a nice storm, with titles like: - "How can I protect myself from government snoopers?" - "Everyone who can now see your entire Internet history, including the taxman" - "Your entire Internet history to be viewable by many agencies" - "The most extreme surveillance law ever passed in a democracy" - That's nice. Most of the population won't care, and those who have the required knowledge don't care in a way, because they can circumvent the monitoring using different technical means, like VPNs and systems which do not reveal metadata and communication patterns and use high-grade encryption.
- Helped a friend choose a perfect European VPN service provider for their personal, user-specific needs.
- Something different? Mine-Resistant Ambush Protected (MRAP) vehicles - specialized protected military vehicles, which often topple over easily.