posted Dec 18, 2015, 8:53 AM by Sami Lehtinen
updated Dec 18, 2015, 8:53 AM
- Studied a few self-hosted alternatives to popular cloud services. Nice post. You don't always need to use 'cloud services'; self-hosting provides much better flexibility and security against some threats. Then again, security might be a lot worse against other threats. What's always required is a proper risk-benefit analysis. Also, in some cases it's better to lose the data than to allow it to be leaked. This especially applies when strong encryption is used. Which is worse, data lost or data leaked/stolen?
- Did a lot of work with different HTTP RESTful API calls. Some of it was more or less: try until you run out of things that can fail. And that's a tiresome job. So many layered failures: missing headers, incorrect encoding, wrong boundaries, etc. But hey, I got it all fixed and working. Why all that? Sometimes I just want to try some things at a low level so I can tell I truly know how it works. Using a high-level library actually lets you be blissfully ignorant about many details. If you're a web worker, can you tell me exactly how multipart/form-data headers and content need to be stored? On the byte level? No? Well, that's just my point. Try things to know how it needs to be. Well, the truth is it's enraging when things won't work. But just try for an hour or two, read more, understand things, and bam, when it finally works in every detail, it's great!
- Tons of work with databases, JSON, XML and generic boring data mapping and CRUD stuff (Create, Read, Update, Delete). But that's what pays the bills and actually provides value to customers, instead of doing some 'hype stuff'.
- Some reports claim that it's possible to format barcodes which, when read using a wedge scanner, do all kinds of things. Sure it is. But this doesn't require a 'security researcher'; it should be pretty darn obvious to everyone using keyboard wedge scanners. No news, I've personally known this for 18 years. And I didn't know it earlier, because I hadn't worked in the industry. But for everyone in the industry it's not news at all.
- Enjoyed not so interesting issues with WD Scorpio Blue drives, which break down very gracefully. The worst part is that those drives won't show in SMART data that they are broken. The only way to figure that out is to compare two drives and find out that one drive might be 20 times slower than the other on some disk regions. Really, really annoying. Makes quick and conclusive analysis really hard. The best way to find it out is to mount two drives in parallel and then just write and read through the whole drive after formatting. If a drive takes more time than it should, it's broken. I actually did write an extensive post about that a while ago. Yeah, my posts are out of order again.
- With one service we wrote the code so that it only trusts 1st party data, which has to be signed. Any relayed data will be ignored, and only used to connect the first party and check validity & authority.
- Eddystone BLE beacon distance information is easily spoofable. So it's important to remember that it must not be trusted. Only a bidirectional connection with latency monitoring can be used for distance estimation. Any signal strength based approach is inherently flawed, of course.
- Using git and its standard highlighting has made me obsessive about trailing and totally meaningless whitespace, but it just looks bad in commit logs, so it's a good idea to clean it up. Most editors of course offer a totally automated function to clean up all trailing whitespace.
- When using the Bluefish and Notepad++ editors in turns, it's really annoying that Notepad++ uses Ctrl+L to remove a line and Bluefish uses Ctrl+L as goto line. If you're not paying attention you're just deleting random rows from source. Ouch! OK, luckily it shows up when testing (not always), but finally it'll be caught when checking the diff for the commit.
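
The byte-level layout of a multipart/form-data body that the HTTP API item above asks about, as an added example (not the author's code). The function names, the fixed boundary and the sample field values are constructed for illustration; name and filename escaping follows the HTML form-submission rules.

```python
import secrets

CRLF = b"\r\n"  # every line break in the framing is CR LF, never a bare LF

def escape_name(value: str) -> bytes:
    """Escape a field name or filename so it cannot close the quoted
    parameter or inject an extra header line into the part."""
    raw = value.encode("utf-8")
    return raw.replace(b'"', b"%22").replace(b"\r", b"%0D").replace(b"\n", b"%0A")

def encode_multipart(fields, files, boundary=None):
    """Return (Content-Type header value, body bytes).

    fields: {name: text}; files: {name: (filename, content_type, data_bytes)}.
    """
    boundary = boundary or secrets.token_hex(16)
    delimiter = b"--" + boundary.encode("ascii")
    parts = [(b'name="' + escape_name(n) + b'"', None, v.encode("utf-8"))
             for n, v in fields.items()]
    parts += [(b'name="' + escape_name(n) + b'"; filename="' + escape_name(fn) + b'"',
               ctype, data)
              for n, (fn, ctype, data) in files.items()]
    body = bytearray()
    for params, ctype, data in parts:
        if delimiter in data:
            # A payload containing the delimiter would end the part early.
            raise ValueError("boundary occurs inside part content")
        body += delimiter + CRLF
        body += b"Content-Disposition: form-data; " + params + CRLF
        if ctype:
            body += b"Content-Type: " + ctype.encode("ascii") + CRLF
        body += CRLF          # empty line separates part headers from content
        body += data + CRLF   # this CRLF belongs to the next delimiter, not the data
    body += delimiter + b"--" + CRLF  # the closing delimiter ends with "--"
    return "multipart/form-data; boundary=" + boundary, bytes(body)

if __name__ == "__main__":
    # Constructed sample input; fixed boundary so the output is reproducible.
    header, body = encode_multipart(
        {"note": "héllo"},
        {"upload": ("a.bin", "application/octet-stream", b"\x00\x01")},
        boundary="XBOUNDARYX")
    print("Content-Type:", header)
    print("Content-Length:", len(body))
    print(body)
```

The request's Content-Type header must carry the same boundary string that the body uses, and Content-Length is the length of the body bytes, not of any decoded text.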