Tesler, Tor v3, U2F, App containers, Unicode, GCB, Navigation

  • Tesler's Law - Law of conservation of complexity. This is so classic, and still very valid with every project. Especially with integration projects. New integration somehow magically makes everything (which is mostly unknown) work automatically. Oh well, we all know how this is going to end up.
  • Tor v3 Vanguards Add-On. Good old: Rendezvous System, Guard, Rendezvous Point, Onion Hidden Service, Relays and new Vanguards, Bandguards and Rendguard. All of this is of course optional and only for high-risk sites, whose operators are of course at least pseudonymous or anonymous.
  • Lots of discussion about U2F and TOTP and how those protect the user in different attack scenarios. It's very true that TOTP doesn't authenticate the server, as U2F (FIDO Alliance) authentication can. Yet, checking the logging information of the site before you're going to give the credentials is the very obvious thing to do. Unfortunately, as stated several times over and over again, people don't bother following sane protocols and checking vital details. And what a difference that makes when the user is being fooled by phishing. Yet, as said, protecting login isn't enough. Every important transaction should have a challenge, clear information about what's being confirmed, and then be signed. That's the only way to make sure that the end user knows what they're authenticating for. Some people mentioned key loggers, true. If the attacker has compromised the (user) system, it requires other security layers to prevent them from impersonating that user after gaining access to login cookies etc. Of course these kinds of security measures aren't being used by most web sites and other services.
  • Reminded myself about AppImage, Snap and Flatpak application containers / distribution packaging. My personal favorite is no doubt the AppImage. Also quickly studied Zero Install (Official site), Zero Install (Wikipedia), which also works with Windows. Zero Install (GitHub).
  • Studied new Emoji characters in Unicode version 11.0. Like combined glyphs and ZWJ sequences, fallback appearance and stuff. Hey, but it contains something I've been looking for: "hot face" and of course the classic "half star". Yet when I presented the new Emoji characters to a friend, she immediately asked why you can't choose a proper eye color. So there's something you can add immediately, not just skin and hair colors. It isn't any news that Emoji characters look very different on different platforms. So you can't actually be sure which kind of symbol the recipient is seeing. We also detected that, for example on Samsung, the notifications use Samsung Emoji but WhatsApp then uses WhatsApp Emoji. That's not unexpected, but a good example where even knowing what kind of device they're using can still lead to different interpretations. Also there's Ordering and Grouping, etc. Which is nice, yet I'm not exactly sure if WhatsApp uses the official ordering and grouping?
  • Google Cloud Build. Nice, even more fully integrated continuous deployment tools with customizable workflow. Yet some things are missing, like conditional build steps, as well as Slack integration and automated processing based on GitHub pull requests and so on. In general the integration part is what's seriously lacking.
  • Finally someone got the point that telcos are marketing everything extremely misleadingly and directly lying to customers. Elisa got busted about that. Yet, practically all operators do it, at least in Finland. As mentioned earlier.
  • Google Maps - I really can't stop deeply hating bad software! I sent a route I designed with Google Maps to a friend. He said it's a silly route. But after discussing it for a while, we found out that Google Maps mobile shows a totally different route than Google Maps on desktop in a web browser using exactly the same link. Yes, I shared a link with the route I designed between two points, with via points. It was also confirmed that the route preferences were aligned in both cases. After wondering about it for a while, it seems that the mobile version doesn't honor the extra waypoints, which are active in the desktop version. This is the sad current state of "l33+" software. Sigh! Yet, multi-platform stuff with bad usability and inconsistent user experience is hardly anything new.
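
An added example (not part of the original post) for the U2F and TOTP item above: a TOTP code carries no information about the site it was typed into, while an assertion signed over challenge, origin and transaction details only verifies for the genuine origin and the exact transaction. Assumptions: the keys, nonce, origins and transaction text are constructed, and HMAC-SHA256 stands in for the ECDSA signature a real U2F token produces.

```python
import hashlib, hmac, struct

def totp(secret: bytes, t: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1."""
    mac = hmac.new(secret, struct.pack(">Q", t // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** digits).zfill(digits)

def server_accepts_totp(secret: bytes, submitted: str, t: int) -> bool:
    # The server sees only digits; nothing records which site the user typed them into.
    return hmac.compare_digest(totp(secret, t), submitted)

def sign_assertion(key: bytes, challenge: bytes, origin: str, tx: str) -> bytes:
    # Simplified stand-in for a token signature (assumption: HMAC-SHA256 here,
    # real U2F tokens use ECDSA P-256). The browser supplies `origin`, not the user.
    fields = [challenge, origin.encode(), tx.encode()]
    msg = b"".join(struct.pack(">I", len(f)) + f for f in fields)  # length-prefixed
    return hmac.new(key, msg, hashlib.sha256).digest()

def server_accepts_assertion(key, challenge, tx, sig, own_origin) -> bool:
    # The server recomputes over its own origin and the transaction it will execute.
    return hmac.compare_digest(sign_assertion(key, challenge, own_origin, tx), sig)

def demo() -> dict:
    # All values below are constructed for illustration.
    secret, now = b"12345678901234567890", 59  # RFC 6238 test secret and time
    key, nonce = b"constructed-token-key", b"constructed-nonce"
    real, lookalike = "https://bank.example", "https://bank.example.net"
    tx = "pay 10 EUR to Alice"
    code = totp(secret, now)  # digits the user typed into the look-alike page
    at_fake = sign_assertion(key, nonce, lookalike, tx)
    at_real = sign_assertion(key, nonce, real, tx)
    return {
        "relayed_totp": server_accepts_totp(secret, code, now),
        "relayed_assertion": server_accepts_assertion(key, nonce, tx, at_fake, real),
        "genuine_assertion": server_accepts_assertion(key, nonce, tx, at_real, real),
        "altered_tx": server_accepts_assertion(key, nonce, "pay 9000 EUR to Bob", at_real, real),
    }

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

Only the genuine assertion and the TOTP code are accepted: the TOTP check passes regardless of where the digits were entered, which is the gap the item describes.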

2019-12-22