Just Walk Out, LVI, 433, MQTT, TLSv1.3, 7z, TFC, WA, URL

1. Just Walk Out (@ JustWalkOut) by Amazon (@ Amazon). Interesting technological development in retail sector. POSless stores. Totally expected technology development based on Amazon Go and other solutions which utilize RFID or similar solutions to detect what's being taken out of the store by the customer. kw: justwalkout, amazon

2. LVI Attack (@ LVI Attack) - Even more Intel CPU flaws, now affecting SGX.

3. IoT 433 MHz USB radio transreceiver modules. I did find just a few options. CC1101 it is. Why? There's a wide selection of different kind of 433 MHz telemetry sensors available very cheaply, that's why. Preexisting library for Python & Linux. Same CC1101 USB RF Transreceiver Modules are also available from Amazon. Another option is Sonoff 433MHz RF 2 WiFi Bridge, which is really cheap and allows running custom firmware (PORTISH), which allows many more features to be used with it. Finally there's the ultra flexible solution using RTL-SDR devices.

4. MQTT (@ MQTT) - is a machine-to-machine (M2M) / Internet of Things (IoT) connectivity protocol. - Nice, there's also plenty of MQTT library options available for Python.

5. Finally TLSv1.3 and Nginx work together, also X25519 is working. Yet Certbot (@ Wikipedia) doesn't yet support X25519 keys. RSA 2048 is the way to go. I would prefer secp384r1 even over that, but it would require manual setup using certonly mode. Actually I used to do that long time ago, before Let's Encrypt (@ Wikipedia) even came to exist. Well, these are things which seem to be moving really slowly. It's enough to check once a year for updates. If something has changed. I'll switch to X25519 certificates as soon as it's possible using Certbot. kw: EC, ECC, TLS

6. Changed some 7-zip (@ Wikipedia) based copy jobs to run with 'u -uq0' mode. It allows to synchronize the archive content with current disk data, while allowing already compressed static data to be kept as it is, without re-compression. This is especially suitable for archives which contain larger files. If archive is solid, it's also good to check the solid block size, because naturally every affected solid block, needs to be re-compressed. - Thank you Igor Pavlov for making the amazing 7-zip (@ 7-zip.org) !

7. Unicode (@ Wikipedia) version 13 released, with lots of new characters. Nice, I just wonder when Unicode is done. It seems that there's never ending list of stuff being added. At least it's not yet running out of code points. Maybe UTF-64 is coming soon, because we simply need more Emojis?

8. Tinfoil Chat (tfc) (@ GitHub) - This is is quite exactly along the lines I've talked about. Yet with one separation, sending and receiving is done using completely separate computers. My solution just used switchable unidirectional links, which are monitored. Pretty much the same end result, but of course not exactly. If the system doing encryption / decryption is fully compromised, it still can hide data in the outbound stream. But at least there's no direct way to having access to plaintext and keys, because it's basically isolated from the other components, just using different means.

9. Whoa, COVID-19 induced (small) stock market crash. Ok, interesting times. I thought I'm kind of having bad asset allocation policy. But now considering the situation, it doesn't seem so bad deal after all. Ye the big question remains, where do people put their money assets if and when they sell the stock. In my personal opinion and based on what I've seen, that creates quite a big banking risk if not managed in some wise way. Money in stock market is still globally distributed in different businesses. But having the money in bank, especially in single bank / currency, is much more risky. Because when stock market valuations go down, it's not lost totally. But if you're putting all your wealth in a checking account and something bad happens, then you're truly screwed.

10. It seems that my home SSD got Write Amplification (WA) (@ Wikipedia) Factor (WAF) around two. Even if disk is almost completely empty. That's bit more than I expected.

11. During vacation listened the Malicious Life (@ malicious.life) podcast, good stuff. Three Seasons and 76 episodes. Operation Glowing Symphony was the last one so far.

12. Why doesn't Google Sites @ sites.google.com handle duplicate URLs properly? Google provides information about duplicate URLs (@ support.google.com), but their sucky systems do not follow their own recommendations? Nor they'll provide a sitemap (@ support.google.com) / site_map (@ Wikipedia). Even RSS (@ Wikipedia) fails, but I've provided my own solution, using my own server and RSS feed (@ s.sami-lehtinen.net).

13. Something different? Let's colonize Titan (@ Scientific American).

2021-03-28