Identity, psql, HTTPS, QUIC, UFW, Integration
- About web applications and user accounts and identity. One application on phone registers with the phone's identity, but when you use the same application in web browser, they're asking for user id and password. There's no way to link the accounts, even if there's single user and same preferences. You'll have to configure both separately. Great UX, thanks for that again. Let's see if they'll ever get back to my feedback, credits go to HSL.
- PostgreSQL Parallel Sequential Scan - About parallelism and performance, sometimes it improves performance sometimes it doesn't. Also depending on storage system, parallel processing might lead to less sequential disk access, which might improve or worsen performance a lot, depending on hard to predict factors, without knowing the specific environment, hardware, configuration and workloads on the server.
- Mind blown, had some discussions with web-developers about HTTPS. It's extremely clear, that they don't know a thing about it. Yawn, but I configured the systems for them and everything's good. They kept wondering why default site won't work with HTTPS. And it's not listening on that domain. Well, first of all, you can't bind socket to a domain. And so on. All the basic facts totally lost. This is also one of the things, where you have to play with this stuff, to get actual knowledge how things work. Then I gave them a hint about SNI, but they didn't get it. Probably they don't know how certificates work either. They say that "commercial certificate" guarantees sites security. - Oh well, that's great.
- The road to QUIC - Excellent blog post by Cloudflare about QUIC protocol. This is one of the examples, where UDP is better option than TCP. But for sure, it adds lots of complexity. It's always important to think about the benefits versus complexity added. QPACK header compression. HTTP/2 (HC) over UDP, instead of TCP & TLS. Quicker loading and hand shakes over UDP reducing latency and round trips. This is great example of rethinking things, when everyone else says that can't be possibly done, you'll just go like, why? Oh, the NAT joy, sure, as stated, everyone loves NAT! Just as they do love 32 bit applications, and IPv4, legacy Windows versions and so on. gQUICK protocol, Head-of-Line (HOL) blocking, IETF QUIC. It's so nice that things like amplification / reflection attacks are covered and thought, usually those come as "total surprise" to most of engineers. Compressed TLS certificates, ECDSA certificates. Afaik, ECDSA certificates work just fine, I used those with one of my servers at one point, just to see that those do work. All you need to do is to generate ECDSA keys and get those signed, of course this only affects the last segment of the certificate chain verification path.
- How to enable IP forwarding with UFW - Nice short post, it's good to know that UFW overrides some sysctl.conf settings with it's own sysctl.conf file, like forwarding and tempaddr stuff. Disabled radvd on local network again, for some reason IPv6 performance is bad, that I can't use it. Basically service which work over IPv6 will stop working, why? I don't know yet.
- Studied features and differences of latest retinal scan and iris recognition. How it's possible to remotely scan irises for high confidence mass identification. EFF Street-Level surveillance and Iris Recognition. kw: Biometric ID
- Multiparty integration, oh joy. When something is broken, the discussion what is broken, by whom and why can be highly entertaining. Especially when there are claims that things have been changed, which are guaranteed to be not changed. But of course this is nothing new. Next fun part of the discussion is that if someone should pay something to whom and why, and so on. But no worries, things will get sorted out. Most often it's kind of bad that when something fails, everybody's thinking it's the "other party" and nobody even bothers to checkout what's actually broken. In worst cases someone intervenes manually and makes some "manual changes" which then can cause huge issues later, because it's so common that those changes are made in hurry and incorrectly. Joy.
2020-03-01