Tromboning, Magstripe, 24Go, exFAT, SecureChatGuide

  • Finnish ISP Elisa clearly wants to provide sub-optimal routing for some of their clients. They often prefer routing data via Stockholm back to Helsinki. Does that make any sense at all? Or is that just a way of exposing the data to Swedish surveillance and intelligence? Tromboning at its best. At least UpCloud and Fastly traffic are both routed "via" Stockholm, Sweden from Helsinki, Finland to Helsinki, Finland.
  • Finally, magnetic stripe credit card payments aren't allowed in the EU area anymore. Now when you pay, you'll need to use NFC or CHIP & PIN. It has been around 15 years, while banks and card companies have been lying that the CHIP would make cards secure. Yet leaving all the gold fraud methods like copying the magstripe still working. Yet that's not all. The magstripe still works with cards issued outside the EU area as well as in cases where EU cards are used with non-EU payment systems. So there's a not so hidden backdoor still in place. Ok, let's call this backdoor a "compatibility feature".
  • 24Go car rental company did it. They scratched their apps and switched to a web-app. This is an approach which I really like, if the web-app works well. Personally I think that every app which isn't being used at least weekly, and doesn't provide some exceptional value over a web implementation, is a junk app, which just annoys me and I'll uninstall it. For some such apps, I'll actually pick the app from the library, use it for a while and uninstall it when I'm done. Of course some developers make the app installation / startup / login process hard, which causes me to totally shelve the apps and services as badly designed.
  • Sometimes project agility is used almost as a trolling tool. It allows endless iterations with more or less random changes. This isn't good, do something else. Something is done, and then the process is repeated. In some cases the feedback is really that bad, nobody bothers to think about it, but just says it's bad. Just like Brexit. Everyone complains it's not good, but nobody knows how to do it. Legendary and so classic. No wonder even a small integration might require 1000 iterations, because nobody pays any attention that any progress will get done on every iteration. And some of the iterations are just reverting changes done. Yes, this is called Genetic programming. But it works really badly with ERP projects and systems, where we've got a population of one and we can do a few iterations per week. I just wonder if the ERP integration will work before the sun destroys the Earth.
  • Caught up on listening to all F-Secure security podcasts. Good stuff. But a bit hardcore, because it's Nation State Actor (NSA) level stuff in many cases. Zero-day exploits and use of kinetic force in some rare cases.
  • exFAT and lost clusters is actually a great reminder that cluster tips can contain "anything" that has been written earlier to the disk. It's easy to forget that, but when you check the recovered cluster files, it's obvious that, as an example, stubs of these blog posts, when stored in lost clusters, contain some previous data. The cluster tip isn't cleared by default. Which also means that the whole cluster isn't getting written. Personally I might think that that's a security flaw. Writing the whole cluster would sound like a good idea anyway. Otherwise the system always requires read-modify-write, even if it would be fine to just write, and clear the cluster tip.
  • SecureChatGuide - It seems that someone tested and thought a bit more deeply about a few other messenger apps than I've done. Great work. I've been waiting a long time to find a reason to ditch WhatsApp. I suspect that day will come at some point. Of course it won't be used for anything which actually requires privacy, but just daily random chatter.
  • Something different? Not really unexpected, but more drones are coming: AVIC 601-S, Sukhoi S-70 Okhotnik, Chinese GJ-11 stealth combat drone, supersonic DR-8 spy drone and the piloted European New Generation Fighter (NGF) / Dassault FCAS (Future Combat Air System).
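
The cluster-tip behaviour from the exFAT item above, as an added example that is not code from this blog. It is a toy one-cluster-per-file model, not a real exFAT driver; the sector and cluster sizes, all names and the sample data are constructed assumptions. It shows old data surviving behind a shorter file, and the whole-cluster write that clears it.

```python
import re

SECTOR = 512     # assumed sector size
CLUSTER = 4096   # assumed cluster size; the real value depends on how the volume was formatted


class ToyVolume:
    """Toy block device: one cluster per file, no FAT or directory entries."""

    def __init__(self, clusters):
        self.disk = bytearray(clusters * CLUSTER)

    def write_file(self, cluster, data, clear_tip=False):
        """Write data into a cluster; return how many bytes hit the disk."""
        if len(data) > CLUSTER:
            raise ValueError("toy model stores at most one cluster per file")
        start = cluster * CLUSTER
        # Writes are sector-granular: only the last partial sector is zero-padded.
        span = -(-len(data) // SECTOR) * SECTOR
        if clear_tip:
            span = CLUSTER  # hardened variant: always write the whole cluster
        self.disk[start:start + span] = data.ljust(span, b"\0")
        return span

    def cluster_tip(self, cluster, file_len):
        """Bytes between end of file and end of cluster (what a recovered cluster file exposes)."""
        start = cluster * CLUSTER
        return bytes(self.disk[start + file_len:start + CLUSTER])


def residual_strings(tip, min_len=6):
    """Printable ASCII runs left in the tip, similar to running `strings` on it."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode() for m in re.finditer(pattern, tip)]


def demo(clear_tip):
    vol = ToyVolume(clusters=4)
    old = b"OLD-DRAFT: password reset notes " * 100   # constructed earlier file, 3200 bytes
    vol.write_file(1, old)
    # Deleting the old file only changes allocation metadata; its data stays in cluster 1.
    new = b"short blog stub"                           # constructed new file, 15 bytes
    vol.write_file(1, new, clear_tip=clear_tip)
    return residual_strings(vol.cluster_tip(1, len(new)))


if __name__ == "__main__":
    print("default write:", [s[:32] for s in demo(clear_tip=False)])
    print("whole-cluster write:", demo(clear_tip=True))
```

In this model the first sector is clean after the default write, but the seven untouched sectors behind it still hold the earlier file.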

2020-09-13