Blog‎ > ‎

Telegram, OBMP, AMQP, Projects, Residential Network, Cloud Automation, Google Pub/Sub, Git, FISC

posted Jan 18, 2015, 1:22 AM by Sami Lehtinen   [ updated Jan 18, 2015, 8:06 AM ]
  • Attack on Telegram - Security is hard.
  • First fail is that users won't probably check the fingerprints at all. So there's no need to find suitble finger print. It's so common to see this fail happeing all the time. Another favorite story is that they forgot password / lost their key, and now you'll need to use new one. Who bothers to check if it's authenticity? 
  • Checked out OpenBazar Market Protocol (OBMP) Tools
  • Read The problem with Angular, Why you should not use Angular
  • Also read not so interesting article about internal business communication in companies. As we all know, it's bad or worse.
  • Reminded my self about Advanced Message Queuing Protocl (AMQP)
  • Checked out new residential building networking specifications (In Finnish) by Finnish Communications Regulatory Authority (Viestintävirasto)
  • Once again typical project. This is just re-applying existing product in new environment. No changes should be required, just slight reconfiguration. After a while there's huge list of different new requirements and of course those should be done immediately on site and put straight into production. Business as usual. Then everyone is wondering, why there are problems? Well, what about really thinking trhough the requirements? What about doing proper coding (which takes time). Now everything is just hack it on, simples possible dirty execution which might work. No testing before putting into production, because it would take time, and nobody got time to test anything anyway. Well well. At least there's one thing which I won't skip. It's committing the changes into git at office after the changes have been already done into production. In some cases situation is that the only working copy of the program with all changes actually exists in customers production environment. There might be copy of it elsewhere but it could be out of date as well. Horrible things, but that's exactly how the customers request things to be done. It might seem cheap and quick, but the bill will bad with potential bugs and really bad maintainability later. 
  • Explored more cloud process automation and configuration management. So that systems can be fully automatically deployed and configured into production without any manual intervention. This is how things should work. 
  • Wondered how some really inefficient companies can exist. Some companies take several weeks and invoice ridiculous amounts for tasks which should be done in seconds and fully automatically. How can these inefficient companies even exist? I guess the reason is inefficient market which clueless customers. There are huge differences between service and automation levels between different cloud service providers. 
  • Should encryption be illegal? "British Prime Minister David Cameron proposes outlawing communications that the government cannot eavesdrop on." 
    Finland is also discussing if there there should be mass surveillance of everything. 
  • Checked out Google Pub/Sub - and Google Cloud Monitoring
  • I've always wondered why the solution to "unresponsive system" is adding just a few more CPU cores. Is it really true that developers today don't know that processes and threads can have different priorities? I'll always set heavy tasks below average priority. I've often heard that we need more CPUs to make system responsive? To me that sounds more like priority issue than adding just a few more cores. 
  • Thought some of my projects and Lean Canvas evolved (FTE Canvas)
  • 25 tips for intermediate git users
  • Future, more cloud SaaS, PaaS, IaaS, orchestration, predictive analytics, big data, social media, consumer data, Internet of things, digital transformation, wearable mobile technology, networked economy, seamlessly integrated and mash-up applications. 
  • I've seen lately that most of servers getting hacked are hacked by fully automated botnets. Those often take over server and do not actually touch anything, except add the server to the botnet and keep scanning the network for more bots.
    Of course this is very dangerous assumption. System got hacked, ok, we removed the added processes let's just continue as things were. Skilled attacker might do exactly that to make administrators to think that the hack was completely automated by script kiddies and we don't need to worry about the overall security of the system now when the "malware / parasite" processes have been evicted.
    Only secure way to deal with this, would be full re-installation of the system. Even restoring from (full) backups might not be a good idea because the exact time when the system was taken over might be unclear.
    On the other hand, it's interesting to see that even if they gain access to server(s) with valuable information, the information might be left completely untouched, because I'm sure they got just so many servers that they can't analyze individually what they even gained the access on. Which kind of makes me think how bad the security is. They're not like wow we got sever hacked, they're more like ok, we got one more to our botnet of million servers, who cares what the server even got.
  • Checked out Finnish Information Security Cluster (FISC) - Security Management, Policy Management, Cybersecurity, Security Technology, Enterprise Data Security, 
  • New Snowden docs indicate scope of NSA preparations for cyber battle. - Doesn't surprise anyone, does it?
  • Pony Foo Cross-tab Communication using HTML5 - I just wish more apps would use something like this. Because many web-apps totally break when you start to use those in parallel tabs.

Backlog still lingering with 768 entries, ugh! I'll deal with it some day. ;)