
Safety, Pipenv, SSH ChaCha20, User Accounts, SPF, Sysfs, Availability, TCP stack

posted Aug 27, 2017, 5:47 AM by Sami Lehtinen   [ updated Aug 27, 2017, 5:48 AM ]
  • Trident Safety - Well, as said. It doesn't really matter if IT companies have really ridiculously bad security. But when slightly more 'serious businesses' have bad security, it's a bit more serious. Yet nobody seems to care about that either. Tailgating, my classic favorite, made me smile. Not checking what you're bringing in with you. Just the standard procedure. Well, I've been pretty happy with airport security lately. Yet there are still frequent fails. At least on a basic level they do try to follow security procedures, and those aren't completely ignored. At least at international airports. Well, every business has its ups and downs. Nothing too special.
  • Checked out pipenv - Awesome tool. I've naturally been using virtualenv and pip with my projects. Yet usually I hope I don't need them. Why? I prefer to use a limited number of libraries and usually the most recent Python 3.x version. Which means that the configuration is so standard that I don't need a different setup & configuration for each project. Of course this is due to the very limited scope of my projects. There are some other projects I'm using which do rely heavily on pip and virtual environments for dependency & version management. But even those projects provide ready packaging, unless you're building everything yourself and using developer mode.
  • OpenSSH added a new cipher: chacha20-poly1305@openssh.com. GCM modes have been supported for quite a long time, yet some older SSH clients still don't support anything other than the AES-CTR modes. Newish ciphers: aes128-gcm@openssh.com, aes256-gcm@openssh.com
  • More "standard personal user account management processes". Lulz. How about sending around two hundred user names in one mass listing to everyone on the list. Just pick your own credentials from the list. This is funny every time it happens, and it seems to be the normal way of doing things. We trust everyone anyway, so there's no need to keep private and personal credentials personal. It's also very handy: if I don't have access to project X, I can just pick the credentials of someone else who has the access, and it's not going to be a show stopper or slow down the process. - Awesome. - We get things done, and do not focus or waste time and effort on non-productive security BS discussions. - The only good thing this time was the possibility that I could log in with the 'everyone knows' password using my account and change it to an actually personal password known only to me. But as I've reported earlier, that option has often been disabled / prevented. Because it wouldn't be handy at all if someone didn't know my password and couldn't do management tasks which are assigned only to a small group of people. - Strange how this reminds me of that Trident Safety post.
  • Once again the never-ending discussion about SPF and spam. Duh. It works, if you configure it correctly. If you misconfigure stuff and don't do it right, well, it works just and exactly as it's supposed to work, aka not work. What is the problem here?
  • LinkedIn 2FA broken again. It's nice to have a safer system. But if it makes the system unusable or inaccessible, is it actually better at all? (This is from the backlog too)
  • Reminded myself about the deadline I/O scheduler's sysfs tunables.
  • Nice post on Google Cloud Platform's blog: Available or not. Things they mentioned: Availability, Mean Time Between Failures (MTBF), Mean Time to Repair (MTTR), Error Budget, measurement, user expectations, business objectives, Site Reliability Engineering (SRE), cost/benefit trade-offs, opportunity costs, developer operations.
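The availability, MTBF, MTTR and error-budget terms above have a small amount of arithmetic behind them, so here is an added worked example (my own code, not from this post or from Google's blog). All figures (the 99.9 % SLO, the 30-day period, the two incidents) are constructed for illustration.

```python
from dataclasses import dataclass


def availability_from_mtbf_mttr(mtbf_hours, mttr_hours):
    """Steady-state availability A = MTBF / (MTBF + MTTR)."""
    return mtbf_hours / (mtbf_hours + mttr_hours)


def mttr_required(mtbf_hours, target_availability):
    """Solve A = MTBF / (MTBF + MTTR) for the MTTR that just meets the target.

    This is the cost/benefit knob: for a fixed failure rate, the only way to
    raise availability is to repair faster.
    """
    return mtbf_hours * (1.0 - target_availability) / target_availability


def error_budget_minutes(slo, period_days=30):
    """Downtime allowed per period before the SLO is breached."""
    return (1.0 - slo) * period_days * 24 * 60


@dataclass
class Incident:
    name: str
    minutes_down: float
    users_affected_fraction: float = 1.0   # partial outages burn budget pro rata


def budget_report(slo, incidents, period_days=30):
    """Compare consumed downtime against the error budget for the period."""
    budget = error_budget_minutes(slo, period_days)
    burned = sum(i.minutes_down * i.users_affected_fraction for i in incidents)
    return {
        "budget_minutes": budget,
        "burned_minutes": burned,
        "remaining_minutes": budget - burned,
        "slo_met": burned <= budget,
    }


if __name__ == "__main__":
    # Constructed figures: one failure a month (MTBF 720 h), one-hour repairs.
    print("availability:", availability_from_mtbf_mttr(720, 1))
    print("MTTR needed for 99.9% at MTBF 720 h:", mttr_required(720, 0.999), "hours")
    incidents = [Incident("db failover", 25),
                 Incident("one zone degraded", 60, users_affected_fraction=0.5)]
    print(budget_report(0.999, incidents))
```

With a monthly failure and one-hour repairs the service sits at about 99.86 %, so a 99.9 % SLO needs repairs under roughly 43 minutes; the same 43.2-minute monthly error budget is exhausted by the two constructed incidents, which is the signal SRE practice uses to pause feature work in favour of reliability.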
  • I see messages all the time about how complex the TCP stack is. Well, I've seen pretty compact implementations. telnet.com in the DOS days had one. It maintained only minimal state for a single TCP connection and worked pretty well, and used a fixed RWIN. I've also seen pretty interesting implementations in RS-232C to Ethernet / TCP adapters. If you have to implement the cheapest possible way of maintaining a TCP connection with minimal code & RAM & CPU power, it can be done in a pretty compact space. Oh, why telnet.com? Well, the whole point of .com files is that the maximum size was 64 kilobytes. With today's bloated crapware it seems miraculous that anyone could ever have done anything with apps under 64KB.