# Security

Told ya so.
Sunday, December 12, 2021

Well, since Log4j has just blown up with an Armageddon-level remote code execution bug and a lot of people are unhappy about having to take their servers down, I’d like to reiterate that if an open source component is mission critical for you, then consider contributing back by paying for support.

Friday, March 12, 2021
Friday, September 25, 2020

Huh, the Windows XP source code allegedly leaks and all security experts are concerned. Imagine if the same happened to the Linux source code… oh, wait!

Seriously, we have had a consensus for years that security by obscurity is a bad idea. So if accidentally going open source is a concern now, then maybe that’s a reminder that Microsoft products have always been dangerous, shouldn’t have been used to begin with, and it’s high time to migrate away from the Windows platform (yes, that’s costly and annoying, but don’t tell me that having your business shut down because you rely on an unreliable system isn’t).

Sunday, June 28, 2020

I’m always stunned when watching a movie/TV show in which a criminal makes a final call, then breaks the phone and throws it away in order to get rid of incriminating evidence. Yeah, sure, burner phones exist to be disposed of, but why break them? Your telco has a record of the phone call, and if the police found the wreckage (your telco also knows which radio mast you have been connected to when making that final call), they could desolder the internal storage from the mainboard - NAND flash chips can be quite resilient. They are also very bad at actually erasing data: when you delete a file, the operating system just marks the storage space as available again. If you truly want to get rid of a file, then you would first have to overwrite it with random garbage. However, writing to NAND flash is slow and wears the chip down - the controller tries to avoid that.

Yeah, OK, that’s a problem for criminals, not law-abiding citizens. You have nothing to hide - except maybe the credentials for your Google account, online banking…

Something one should probably keep in mind when selling a used phone: doing a factory reset means all data on the phone is lost — unless the new owner has specialized equipment.

Sunday, July 7, 2019

Tales from the spam filter of an Android app developer

Publishing on Google Play requires you to publish a contact email address as well. Publishing a contact address means you get spam mail. The spam you get via the Play contact address is scary.