SpamAssassin, Virtualization, Cloud, Project Management, Privacy

posted Oct 6, 2013, 6:04 AM by Sami Lehtinen   [ updated Jul 31, 2016, 9:40 AM ]
  • Continued studying and playing with Google Cloud Platform.
  • Noticed that Namecheap failed to use SSL when handling credit card information. A perfect example of how you shouldn't do things.
  • Read documentation on how the NSA tracks Tor users using advanced malware and exploits on client computers. De-anonymizing the Tor network itself seems to be quite hard even for them, even though it's well known that Tor is a low-latency network and therefore doesn't provide protection against a "global internet monitoring adversary" and statistical traffic analysis methods.
  • Been having a long and interesting discussion with one cloud service provider about different pricing models and how those practically affect customers.
  • Configured SpamAssassin for my mail server. I personally don't like email filtering, because there's always the possibility of false positives. But I got sick and tired of some ridiculous dietary supplement and stock market scam spam. So now I'm filtering mail, but only very obvious cases are automatically rejected. Of course the sender is also informed about the rejection, so they can contact me by another method if they really consider it necessary.
  • Fall is coming and it's time to do something actually meaningful. Therefore I just ordered a new computer with an Intel i7-4770K, Kingston 4x8GB (32GB total) 1600MHz CL9 memory, a 500 GB Samsung 840 EVO SSD and an Asus Z87-PLUS motherboard. Maybe I should have chosen even faster memory for the CPU, I don't really know. But now I've got something to play with during the winter. I'm a bit disappointed because it's only 2.7x as fast as my old computer with the trusty Q6600 2.4 GHz CPU. The new hardware allows me to run LXC and VirtualBox efficiently and improve security drastically. I no longer use the host for any web activity. The host OS is now a minimal platform for hosting several secure virtual machines, allowing 100% separation of data with different security requirements, as well as allowing me to run 100% state-reset, anonymous instances for private communication. When I'm done with what I was doing, I simply shut down the VM and restart it, and all traces are gone; no information whatsoever is saved between individual sessions.

  • This is quite a nice project. It's just like my protoobfs (Simple Protocol Obfuscator) suggestion, but this is way more advanced.
  • "Code-Talker-Tunnel - Code Talker Tunnel is a protocol camouflaging tool, designed to reshape traffic output of any censorship circumvention tool to look like Skype video calls. Our software can be used as a SOCKS proxy and therefore it is extremely easy to use it with different anonymity and censorship resistance tools."
  • What a joke, the BitTorrent guys release a "closed source", NSA-proof messenger chat application. Ha ha ha, closed source, NSA proof. Sounds really credible.
  • It's a good point to notice that because fingerprints can't be changed, they are more like a user ID than a password. So when you identify yourself, you could use an RFID crypto chip, PIN and fingerprint. But a fingerprint alone can't be used as a password. Of course you can use fingerprint + PIN when you open doors or devices, etc.
  • Now it's a good time to remind yourself what it takes to make an IT project actually successful.
    1. Have a competent project manager
    2. Have personnel committed to the project
    3. Have efficient communication with enough detail and with the right team members
    4. Have a realistic plan, with scope, money / resources, schedule and quality
    5. Have organization management committed to the project as well, otherwise step 2 will likely fail.
  • Have been enjoying one standard ERP integration project, where the customer has totally lost touch with reality regarding scope, schedule, quality and cost. Based on my experience these projects usually have a totally ridiculous scope compared to the schedule and cost. In those cases quality is of course going to be a problem, because there's no time to test anything. Of course there's a solution, let's just push it into production, right? The project is always "late" and things aren't "working". I have also noticed that in these cases customers often require ridiculously detailed documentation, because they don't have any kind of clue what they're doing anyway. The documentation should be such that if we now fire our system administrators and hire a few "techies", they should be able to run the show based purely on the project documentation. Ehh, it's just not going to happen. If the documentation is very extensive, who's going to maintain it anyway? I often prefer to write pretty generalized documentation, so it won't be invalidated by some minor change.
    Often in these situations it turns out that the customer's project people do not even understand the details related to the project. Therefore using the insanely complex system that they requested will stumble quite quickly after the project is finished. There's simply no one on their side who is able to properly maintain the complex system.
    It's like donating a nuclear power plant to Africa and giving them a quick education in how to run the plant. Do you think that the plant will be properly maintained and run for the following 50 years? I don't think so. Yet again, been there, done that. So one important rule: don't design, request and order a system which is so complex that it grossly exceeds your organization's skill level. Well, in this case it also turned out that the customer was actually totally unable to design the system; that's why they bought the (custom) app from outside. I guess this is quite a common issue, especially on the web side, where clueless customers want a "Disney-like" site for 5000€. After that they think that the cheapest webmaster they could find is able to maintain and further develop the site. Well, now it's been said. Death march project.
    Even if this might sound bad, it's not. I'm 100% sure this is familiar stuff for every project / IT guy out there. ;)
    To be honest, this isn't so serious. It's much worse when this kind of project has been going on for years and people have been giving absolutely everything trying to make a hopeless project into a success, and then the whole project is folded. Luckily I'm not in such a situation. But I know many friends who have been. It's not a good situation to be in. What would you think when you have been working very hard and then you're told that everything you've been doing in the last five years is actually meaningless? Duh!
    (If you, the reader, are the customer, this is my honest professional personal opinion, and that's it.)
  • This Pizza Worm review made me smile. Unfortunately they didn't reach 100 pts with the super burp in that review.
  • Read an interesting article about how it's on the NSA's agenda to ruin the security of many applications. I think they have been successful at least with IPsec; it's just totally useless and inoperable even between firewalls from the same manufacturer.
  • All this darkness in Finland is miserable. That's why I just ordered a 65W 6500K EFL full spectrum lamp as my wake-up light. It's equivalent to about a 400W halogen lamp. Every day at 6:00 it turns on and blasts me out of bed with bright light (as the Gremlins would say). It's completely true that when it's summer in Finland, it's better to enjoy it, because the rest of the year will be cold and dark. During the winter months, it's pitch black when you go to work and when you leave work. You can see the sun during lunch time if you're lucky.
Sorry about the short post. I'm still doing the migration from Evolution to Mozilla Thunderbird and therefore can't access my full "to blog about" backlog. Of course I could, but I don't especially enjoy reading messages in maildir format. So this is all fresh stuff now.