eSuomi, PSD2, Web Junk, Siirto, IoT, Telia DC, OVH IPv6, Box, Augur, Tor DDoS

Post date: Apr 22, 2018 4:21:27 PM

• Updated my knowledge about current state of National Architecture for Digital Services from esuomi.fi. Including: Sigle sign-on, Authorizing others, e-Identification, e-Authorizations, Web Services, Service Catalog, Messaging Services and Data Exchange Layer. Forming national service ecosystem with users, public service providers and private companies and communities. When EU integration gets forward there will be Digital Single Market. Strong identification with strong authentication with eIDAS federation. kw: Service Oriented Architecture (SOA), X-Road Finland FI: Kansallinen palveluarkkitehtuuri (KaPA)
• 10 things you need to know about PSD2. It's also good to remember that Strong Customer Authentication (SCA) and Secure Communication are coming under PSD2. PSD2 information in Finnish / PSD2 Suomeksi.
• It's rare to see sites nowadays which aren't full of bleeping junk. At least ec.europa.eu and wikipedia.com are still sites without all that spying, advertising, tracking and other 3rd party junk. It seems that even many Finnish national official sites are already polluted and leaking visitor information to foreing spies.
• OP just joined Siirto payment service, which allows instant money transfer between users without any fees (at least for now). I'm just wondering when they'll be offering services for businesses and what the pricing will be. So basically this would replace the good old bank card with mobile app.
• IoT Security Anti Patterns - Very nice post by Cloudflare guys. Unauthenticated Pub/Sub. X.509 message brokers. Physical theft + Reverse Engineering. As said, it's guaranteed that Internet will be full of thi.. Nope sh*t. Yes. But it's not news at this point to anyone, hopefully.
• Telia's data center about 100 meters from my work place is getting more and more complete and massive each day. It's the largest data center in Finland which allows co-location / access by non staff personnel. (FIN | ENG)
• I don't know what kind of engineering marvel my camera is. But there's really annoying lag between shutter sound and the actual capture of frame. It's so bad, I feel like the developers were just trolling users on purpose. Bad software is just absolutely everywhere. Kind of repeating pattern.
• Now it seems that OVH has disabled IPv6 address compression, because it was too complicated to get right. Smile.
• Checked out Box dictionaries for Python with dot notation. Isn't that big deal, but yeah. Python does allow all kind of tweaking. Just as pyclockpro library can be used as intermediate caching layer and or dictionary when accessing data from database (or other sources).
• I don't know who wrote the firmware for this one router, but it requires 6rd manually enabled (almost) after each boot. Because 6rd setup will fail, if it's on during the boot and connection forming process. These are just the tings engineers seem to make all the time. 'It works', but actually you should say you wrote really bad code. How about making it so, that it practically works and not only technically. Testing is no good, if the guy writing the tests doesn't have any understanding of 'real world'. This is also something which have been seen over and over again, if tech guys write the tests too. One more example of the we've tested it in oval track in Arizona and it works. Haha.
• Reread Augur - Prediction market documentation and APIs. kw: ethereum, json, rpc, decentralized network, p2p
• Interesting post about web sites, scraping, mirroring and Tor. Attacked Over Tor. As I said, I've done some similar experiments, but on the bot site. Generating huge amounts of requests and requiring high bandwidth. But that was just for fun and very short run times. To see if there's any effect. Distributed resource exhaustion attack.