Open data, product building, fappening, routing, storage, dist-upgrade, misc
Post date: Oct 1, 2014 3:04:49 PM
Read a few long articles about public open data, and how map data and other data which is created using public resources should be free for everyone to use. Artworks and artifacts in museums etc. OGC, Open Geospatial Consortium. OpenStreetMap and OpenTripPlanner (OSM/OTP), General Transit Feed Specification (GTFS). CC 4.0 - What's new? CC 4.0 is also good for public sector databases. Environment, health, e-learning, leisure services etc. public data. Open APIs, City SDK, http://www.citysdk.eu/, 6AIKA, OpenData Globe
Comparing cost of open source versus closed source.
Open source code has to be good, because everyone is going to see it. When writing closed source code, you can get away with any kind of code which is seemingly working after compilation.
Should we build X? - My first question about this feature is always the absolute anti-engineering aspect. Why are we building it? What is it really for? What’s the actual problem it’s solving? For whom? Are they really willing to pay for solving the problem? If the only purpose is to implement feature X, then it's ok. But usually I prefer to solve a practical problem for a paying customer, instead of just building something mediocre so we can say that we've built it.
Based on this, I'm strongly suspecting that it's less than 1% of data leaks which become public, maybe 9% are noticed at the source organization, and at least 90% go totally unnoticed. Even with these numbers, I guess my estimates (not based on any data) are probably way too high.
This latest celebrity photo leak (The Fappening) just points out what we have known for a long time. If you're storing something on systems which are connected to the Internet & cloud, it's more a question of when the data leaks than if it leaks. It seems that many people just refuse to believe this. They think that cloud services provide 100% reliability and security, even if tech people know better and actually wonder how rare data leaks are when you start looking at all the potential ways those could happen.
Firefox public key pinning for version 32.
Unfortunately those articles are way too light, I have to read more about this stuff. Watched related lecture: Frank Fitzek, Aalborg University: Network Coding for Future Communication and Storage Systems
Yrityslinna, a good information and tutoring source for starting entrepreneurs in Helsinki.
Ubuntu Server Dist Upgrade:
So much joy, doing a distribution upgrade on Ubuntu. First of all, I know it's risky business. So I'll always take a full snapshot and backup of the server and run everything down so nothing changes in case I need to go back to the old version.
Then the fun parts: Apache2 configuration changed on several key items, so I had to reconfigure it. This was quite trivial, because some of the things were configuration errors like Options parameters without +/-. Some of the paths had to be changed, and some old parameter key values had to be removed from the configuration files. I also had to add Listen directives; giving the port number in the virtual host directive wasn't enough anymore. The "No ports to listen" error didn't directly indicate what was wrong, even if it gave a clue that the application couldn't listen on the port it would like to.
Dovecot required some changes, but those weren't so hard to fix after all, if you just know what you're doing. After googling around and trying everything, I found out that I had to add a new parameter inbox=yes to one configuration file. It was really unclearly stated where the parameter needs to be added. But I randomized its location around the configuration until I found the right place.
But Roundcube, it just didn't work and didn't give a clear indication of what was wrong. It turned out that my system didn't have mcrypt installed for some reason. I installed it, and a new configuration parameter, extension=mcrypt.so, also had to be added to the apache2 PHP configuration; without that parameter Roundcube login always failed.
After these changes everything seems to be working ok-ish again.
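The two Apache breakages described above can be checked for with a small lint: Apache 2.4 rejects an Options line that mixes +/- prefixed keywords with unprefixed ones, and a VirtualHost port needs a matching Listen directive. This is an added example, not part of the original post; the function name check_apache_conf and the sample configuration are constructed for illustration. It does not follow Include directives, and apache2ctl configtest remains the authoritative check.

```shell
# Added example. Pass every file of the configuration (Listen is often in ports.conf).
check_apache_conf() {
    awk '
    /^[ \t]*#/ { next }                      # skip whole-line comments
    tolower($1) == "options" {               # 2.4 rejects mixed forms
        signed = 0; bare = 0
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^[+-]/) { signed++ } else { bare++ }
        }
        if (signed && bare) {
            printf "%s:%d: Options mixes +/- and unprefixed keywords\n", FILENAME, FNR
            bad = 1
        }
    }
    tolower($1) == "listen" {                # Listen [addr:]port [protocol]
        n = split($2, p, ":"); listening[p[n]] = 1
    }
    tolower($1) == "<virtualhost" {          # <VirtualHost addr:port ...>
        for (i = 2; i <= NF; i++) {
            a = $i; sub(/>$/, "", a); n = split(a, p, ":")
            if (n > 1 && p[n] ~ /^[0-9]+$/) {
                k++; vport[k] = p[n]; vloc[k] = FILENAME ":" FNR
            }
        }
    }
    END {
        for (j = 1; j <= k; j++) {
            if (!(vport[j] in listening)) {
                printf "%s: VirtualHost port %s has no Listen directive\n", vloc[j], vport[j]
                bad = 1
            }
        }
        exit bad + 0
    }' "$@"
}
demo_conf() {   # constructed sample configuration, not from the post
    cat <<'EOF'
Listen 80
<VirtualHost *:80>
    Options Indexes -FollowSymLinks
</VirtualHost>
<VirtualHost *:8443>
    Options -Indexes +FollowSymLinks
</VirtualHost>
EOF
}
tmp=$(mktemp) && demo_conf > "$tmp"
check_apache_conf "$tmp" || echo "fix the lines listed above"
rm -f "$tmp"
```

The function exits non-zero when it finds either pattern, so it can gate an upgrade script before the services are restarted.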
Clear failure to use Whonix or a similar solution, which hides any knowledge of the public IP from the secret server itself: Pinpointing Silkroad servers.
About cloud storage, and data leaks, court cases, generic cloud security, etc. Pirated content, users busted by cloud providers due to illegal content, cloud service providers sued due to hosting illegal / pirated content, etc. My solution is: "I would recommend strong pre-cloud encryption. I don't ever give my encryption keys to the cloud provider. Their task is to store bits, they don't need to know what the bits are for. It's good for me, it's good for them. Nobody can sue them about storing pirated movies or any other content, because they're simply storing bits. It's none of their business what their customers are storing in the system."
Watched PostgreSQL is Web-Scale, really PyCon 2014 Montreal video.
Using passive repeaters. In Finland there are major problems with mobile networks, because building thermal insulation and isolation is so good that it also blocks radio signals. I've been solving this several times using a very simple passive repeater solution. Usually in cases where reception is bad, it's bad only inside. So if you go outside the building, there's full reception, but inside there's very weak or no reception/signal at all. To fix this, you'll simply need some cable and two antennas. Place one antenna outside, in good reception, lead the cable inside through the wall and then attach another antenna to the other end of the cable. Problem solved, it's wonderful how easy it is to lead a signal into places where a Faraday cage is blocking it. There are many companies on the Internet advertising active repeaters, but most of those are illegal and will lead to many problems, including potential charges and fines.
Studied: IEEE 802.1aq, but it's a bit too heavy for me, because I don't currently have absolutely any use for such techniques. Aka large IS-IS network routing stuff.
Anyway subtopics I had to study about were: Shortest Path Bridging (SPB), specified in the IEEE 802.1aq standard, is a computer networking technology intended to simplify the creation and configuration of networks, while enabling multipath routing. Software-defined networking (SDN), SPBV (Shortest Path Bridging - VID), provides capability that is backwards compatible with spanning tree technologies. SPBM (Shortest Path Bridging – MAC, previously known as SPBB) provides additional values which capitalize on Provider Backbone Bridge (PBB) capabilities. SPB (the generic term for both) combines an Ethernet data path (either IEEE 802.1Q in the case of SPBV, or Provider Backbone Bridges (PBBs) IEEE 802.1ah in the case of SPBM) with an IS-IS link state control protocol running between Shortest Path bridges (NNI links). MSTP, Provider Link State Bridging (PLSB), Shortest Path Bridging-VID, Link State IS-IS, Loop Prevention, Loop Mitigation, Continuity Fault Messages (CFM)... Then it started to go too technical for my current needs.