WhatsApp, Data Corruption, JWT, Malware, SMR, Cloud Functions, Confide, Drone Defense

posted Jan 20, 2018, 10:56 PM by Sami Lehtinen   [ updated Jan 20, 2018, 11:19 PM ]
  • Verified it again: WhatsApp storage space management really sucks. No wonder people are suffering from using WhatsApp. Data isn't getting removed properly. Another persistent annoyance is that you can't move the app and/or just media to SD card or ext-sdcard, whatever it's called with different Android versions and devices.
  • Silent data corruption is real. Yes, it very much is. Most people think that it doesn't exist, because they don't notice it. But that's a generic misunderstanding. I can say software I've written works best for customers who aren't using it. Laugh. They never complain about it being broken. But I've covered this topic over and over again. This is one of the reasons why Google does data checksumming, not on storage level, but on application level. Data can be corrupted on so many different levels of the system.
  • Long discussion with friends about JSON Web Tokens security. I don't see why it would be any worse than any other solution. Data is signed, and that's it. It's not JWT's fault that there's no easy way to revoke tokens. Of course there is, the server just stops accepting the old token until a new one is acquired. It's not any different from any other PSK solution. Just in this case, there's more data stored on the client end than the PSK / identifier alone. I personally prefer simple shared keys, or temporary keys acquired using a more permanent API key.
  • In Schneier's blog: The CIA's malware development guidelines - Yeah, sure. All of the stuff is obvious. Yet many of the things don't actually make it really hard for professional test environments, just like using SSL, there are multiple ways to circumvent SSL protection. Also the 'data wiping' can be hard, or extremely hard, or totally impossible, if you go into details. You can't delete any written data from a journaling file system. That's the whole point of journaling, if the journals are kept. Just like the normal recovery mode for MS SQL databases. Same applies to memory, in a suitable test environment, of course all memory access can be logged as well as any changes to CPU registers etc. A very, very long time ago I used SoftICE to analyze and crack some games.
  • Checked out the Small Modular Reactor (SMR) concept. Doesn't anyone remember what happened with nuclear batteries / atomic batteries and Radioisotope Thermoelectric Generators (RTG)? Well, let's hope the future will be brighter. What could go wrong? (Everything is just glowing in the dark.) Just waiting for RORSAT & TOPAZ reactors with plutonium to rain on us.
  • Very nice writing about Internet of Things (IoT), value chain, ecosystem, etc. It's hard to get it all. But you'll need to find the right partners to deliver the best value proposition to the end customers. Also, IoT requires a lot of integration work, so system integrators like me aren't going to run out of work to do in the future.
  • UpCloud - launched Amsterdam (AMS) data center (DC). Gotta check it out. Currently it's kind of a mixed situation, which server location is best for Finnish customers. Frankfurt (FRA) is likely to be faster for ISPs using the Cinia C-Lion1 submarine cable. But for ISPs using the traditional route, like Telia / Sonera / TeliaSonera, Amsterdam is likely to be faster. Why? Because the traffic is routed via Stockholm and Copenhagen. (This is from April 2017) - Based on very quick testing, Amsterdam is faster for non C-Lion users than Frankfurt. - Situation has remained the same, even when this post has been sitting in the backlog. Just checked it.
  • Google Cloud Functions - What did I say about decades-old RPC? It's the very same thing. Just minor changes on the back end side. It's so nice when old is new.
  • I didn't really like Confide, it seems that some other people also think it's all show. Its technical documentation didn't assure me at all.
  • Overkill? Using a USD$ 3 million Patriot missile to shoot down a USD$ 200 drone. Yes, that's overkill. But now we could ask, what's the defense system on the drone against these missile strikes. This is just like the encryption, privacy and security questions. Normal people can do very little, if you think there's a worldwide high-level organization after you. Especially if they don't need to follow any laws and they don't care about breaking existing ones. You're just screwed.
  • UpCloud opened a second data center in Helsinki - That's nice, so you can have systems replicating between two separate physical data centers. Not just two computers in a cluster in the same rack or so.
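
The revocation approach from the JSON Web Tokens item above, as an added example that is not from the original post: an HS256 verifier built on the Python standard library, where the server keeps a per-subject cutoff and stops accepting tokens issued before it. The key, the function names and the `revoked_before` store are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # constructed key for this example only
revoked_before = {}               # server-side state: sub -> earliest accepted iat

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> str:
    mac = hmac.new(SECRET, signing_input.encode(), hashlib.sha256)
    return b64e(mac.digest())

def issue(sub: str, now: int, ttl: int = 900) -> str:
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64e(json.dumps({"sub": sub, "iat": now, "exp": now + ttl}).encode())
    return f"{header}.{claims}.{sign(header + '.' + claims)}"

def revoke(sub: str, now: int) -> None:
    """Stop accepting every token for `sub` that was issued before `now`."""
    revoked_before[sub] = now

def verify(token: str, now: int) -> dict:
    """Return the claims, or raise ValueError naming the reason for rejection."""
    try:
        header_b64, claims_b64, sig = token.split(".")
    except ValueError:
        raise ValueError("malformed") from None
    # Check the MAC first, in constant time, with the algorithm fixed server-side.
    expected = sign(f"{header_b64}.{claims_b64}")
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        raise ValueError("bad signature")
    header, claims = json.loads(b64d(header_b64)), json.loads(b64d(claims_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if now >= claims["exp"]:
        raise ValueError("expired")
    # The signature is still valid here; only server state makes the token dead.
    if claims["iat"] < revoked_before.get(claims["sub"], 0):
        raise ValueError("revoked")
    return claims

if __name__ == "__main__":
    old = issue("alice", now=1000)
    revoke("alice", now=1020)
    print(verify(issue("alice", now=1020), now=1030))  # fresh token is accepted
```

With whole-second `iat` values, a token issued in the same second as the `revoke()` call is still accepted, so a deployment that needs a sharper cut would use a finer timestamp or a per-token identifier.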