
Tor security, DANE, SASS & LESS, user friendliness

posted Aug 2, 2014, 9:47 PM by Sami Lehtinen   [ updated Apr 20, 2015, 7:41 AM ]
  • Tor security: Security is hard, really hard. It seems that the Tor project failed in terms of securing their users, or at least it seems to be so. Traffic analysis, end-to-end correlation or traffic confirmation, I would say. Tagging packets should have been impossible, but clearly it wasn't. Also, as we all know, Tor is a low-latency network and therefore vulnerable to statistical timing attacks.
  • Covert communication: Wouldn't it be interesting to design a system which would completely prevent passive traffic analysis? The only thing a passive monitor would know is that you're using the system. They wouldn't know with whom, when and how much you're communicating.
  • Web shop deliveries: When Gigantti sends stuff to customers who order it online, why don't they include the business name in the delivery at all? It would be so nice to send a package to Mr. Somebody in a huge skyscraper. No other information provided than the recipient name. Really annoying. It's funny how minor-seeming things can then mess things up totally. When you combine that with summer workers, it's going to be a disaster.
  • LclBd.com is just a platform and test project which I can pivot into something more interesting later, if required. I just want to test that all required components are working.
  • Other topics studied: Agile Software Development, Multi Vendor Project Management, Internet marketing, customer contact information, statistical analysis, targeted offers, loyalty programs, payment methods, internet shopping, purchasing journeys, electronic receipts, electronic payments, payment sector service fragmentation, prepaid gift vouchers, payment cards, loyalty cards. Mujahideen Secrets (Asrar al-Mujahideen) encryption software, Asrar al-Dardashah, Tashfeer al-Jawwal, Asrar al-Ghurabaa, Amn al-Mujahid.
  • DNS-based Authentication of Named Entities (DANE)
  • SASS and LESS: won't be using those, too heavy for my current mobile-oriented project. I really want to keep it as light as possible.
  • Gift vouchers, serial tickets: I don't like the concept of prepayment; I would like to be charged based on used services. Personally I don't see many ways to devalue money as efficiently as buying something silly like a gift voucher. It immediately devalues the money you just deposited, because now it can't be spent on other services. Yet things like serial tickets do make some sense, due to the related, usually quite large, discount and faster operation when using services.
  • The Deluge BitTorrent client's 'auto managed' is a really silly concept. Let's say I've got 20 torrents and 10 active slots. Yet 10 of those downloads have finished, and I could seed those. Yet the torrent client focuses all connections on those 10 torrents I'm downloading. OK, sounds good, as long as there's something to download. Some trackers pre-release torrent files and seed those later. So now the client is using all connections trying to download files which aren't available. How about just using, let's say, 3 connections for those torrents which aren't yet downloadable and using the rest of the connections to seed files which require seeding? I guess the logic I'm suggesting is just too complex for programmers.
    I also think I earlier mentioned that the Deluge BitTorrent client's Max connections / torrent setting wasn't working at all. If I limit connections per torrent to 3 and even drop the auto managed checkbox, the client is still using all connections connecting those. Which is not OK.
  • I placed a lighter on the table, and its butane container cracked, releasing the gas. Just great. This is the quality we're getting nowadays.
  • Customer feedback: Tell Subway is quite a nice customer feedback service for them, yet they have forgotten the customer's point of view. So it could be implemented a lot better. Now they're asking for a lot of details from the receipt: which cashier, what date, what time, what receipt number, etc., which are hard to locate on the messy receipt. It would be ideal to use only one identifier per transaction, instead of asking for multiple details. The current solution is simply annoying to their customers, and unfortunately very clearly shows that they haven't really thought about how this thing should be done as user-friendly as possible.
  • Loyalty programs: I'm also always annoyed by loyalty programs which would require me to carry some kind of customer card. Why would I like to always carry that with me?

I've been reading several hours per day on a Kindle during this wonderful summertime, so the blog backlog is huge. At some point during fall, I'll dump it all out, when the weather is such that there's no interest whatsoever to go out. Now I'm preferring to spend as much time outside as possible.