Siirto, MobilePay, Alibaba, Duplicacy, Smishing, SMBv1, VPN, PGP, Identity, Privacy

  • Siirto - Real-time P2P mobile payment system is being developed fast. But so far there's no public information about its business features and complete ecosystem. The eCommerce and InStore payments will be published later. Payment integration terminal / point-of-sale tracking, for medium to large businesses including e-Receipt using Finvoice receipt standard. Ref: Tieto, Automatia
  • Danske Bank's MobilePay MyShop, Mobile Payments for entrepreneurs. No need for expensive payment terminals / contracts. Just a small provision, which is less than 1%. Accepts payments using mobile phone, QR code or five digit shop id. Sounds quite handy so far. Daily transfers / payments from individual transactions to bank account daily. - Honestly I'm quite surprised that companies like Danske Bank are unable to provide any further product information in English. That's too bad, because Google Translated versions are just as lame as you might have guessed.
  • Worsening services on purpose. My electricity provider used to provide 15-minute resolution logging. But now they've worsened the service, and only hourly usage data is available.
  • Alibaba Cloud, even their sign up doesn't work. So much lulz. We provide infinitely scalable platforms. But we still can't create a basic signup which would work. - Come on, what would you expect from their service after that kind of start? - So typical. Actually the sign up process failed in two distinctly different ways. OTP code not working + resend code not working: 'Network busy, try later again'. Hmm, I would rate that as 'great job guys'. - Cloud is full, go away!
  • Duplicacy - Yet another backup tool. Seems to be pretty fast, but that's a trade-off between bandwidth and storage space consumption when comparing to Duplicati.
  • Smishing = SMS phishing. Ugh. New words for really old stuff.
  • Found out that there are still many applications and environments using SMBv1, so disabling it isn't a practical option / alternative.
  • I'm somewhat confused about all this VPN lobbying. How does using a VPN make you more secure when using public WiFi (WLAN) or any other Wi-Fi? It just adds extra hops and latency. Depending on the situation it could add extra monitoring. All traffic should be encrypted anyway.
  • Partial encryption. I'm no security expert, but sometimes security advice is so confusing and doesn't make any sense at all. Yes, using VPN (@ Wikipedia) will protect you from a set of limited local attacks. But it shouldn't make any difference with apps which are already somewhat secure. I personally just don't see the benefits. If there's an attacker who's after me, VPN wouldn't help. And if it's just some generic MitM attack, it shouldn't affect secure software anyway at all. So could someone please explain to me what the benefits of VPN are in this specific case? Because I have seen lots of ambiguous blah blah. But the real hard facts please. Does my SSH session somehow become non-secure without VPN, how about my own HTTPS server with my own certificate fingerprint? Maybe my OpenVPN (@ Wikipedia) isn't as secure without using some random VPN? Or what? Please, explain.
  • Still reminds me of one product demo and documentation, which said that they provide absolute anonymity with a strong identity guarantee. Without explaining the facts adequately. No, the product is actually a good one and well implemented. But the message, how their marketing BS department brought it out, made me just laugh and cry at the same time. I've written about this earlier. I personally prefer strong pseudo-anonymous identity. It's up to me, if I create a new identity for every message, or if I at some point later maybe link some of those identities to my real identity or so. But these concepts seem to be quite hard for marketing BS departments. Yet free and awesome products like GnuPG / OpenPGP let me do all this trivially. I can make a pseudonymous post with no history or future, and after a decade reveal that it was me, so I can prove it with absolute authority. Some people claim that OpenPGP / GnuPG / PGP is bad, but it's totally awesome and much better than most of the other products out there. One of the key features is also revealing the encryption key for just a single message. I don't need to give out my private key. I can just give the symmetric key being used with the one message. As well as cross sign it, and so on. This is message A, this is K for it, and here's the key and message signed with my own personal well known strong identity. Many other solutions won't allow me to do that. As well as if I've used a separate public key for it, I can reveal the public key so they can verify the signature, as well as cross sign some nonce, like the requester's public key or something, with my own personal key and the key used with the message to prove that I've got access to the private key. - There has been some news that in some cases people do acknowledge that PGP does provide mathematically strong identity, but it seems to be a pretty rare understanding at the moment.
  • Something different? Sukhoi HAL FGFA.
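
The single-message key disclosure described in the GnuPG / OpenPGP item above ("this is message A, this is K for it") can be tried with GnuPG's `--show-session-key` and `--override-session-key` options. This is an added example, not code from the original post; the identity name `pseudonym-demo`, the file names and the empty passphrase are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example. Identity name, file names and the empty passphrase are constructed.

# Prints what a third party (holding no private key) recovers from message A
# once the owner hands over only that message's session key K.
reveal_one_message() {
  owner=$(mktemp -d) || return 1
  third=$(mktemp -d) || return 1
  chmod 700 "$owner" "$third"

  # Throwaway pseudonymous key pair in its own keyring.
  gpg --homedir "$owner" --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key 'pseudonym-demo' >/dev/null 2>&1 || return 1

  # Message A, encrypted to that key.
  printf 'message A\n' > "$owner/a.txt"
  gpg --homedir "$owner" --batch --quiet --trust-model always \
      -r pseudonym-demo -o "$owner/a.gpg" -e "$owner/a.txt" 2>/dev/null || return 1

  # Owner side: read K ("<cipher-algo>:<hex>") from the status channel (fd 3),
  # kept apart from the plaintext so message content cannot spoof a status line.
  sk=$(gpg --homedir "$owner" --batch --quiet --pinentry-mode loopback --passphrase '' \
           --status-fd 3 --show-session-key -d "$owner/a.gpg" 3>&1 >/dev/null 2>/dev/null |
       sed -n 's/^\[GNUPG:\] SESSION_KEY //p')

  # Third-party side: empty keyring, only a.gpg and K are available.
  plain=""
  if [ -n "$sk" ]; then
    plain=$(gpg --homedir "$third" --batch --quiet --override-session-key "$sk" \
                -d "$owner/a.gpg" 2>/dev/null)
  fi

  gpgconf --homedir "$owner" --kill gpg-agent 2>/dev/null
  rm -rf "$owner" "$third"
  [ -n "$plain" ] && printf '%s\n' "$plain"
}

# Usage: reveal_one_message   # prints: message A
```

K only opens the one message it was generated for; other messages encrypted to the same public key use their own session keys and stay closed.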

2018-09-30