Skip to main content

On APICTA (finale)

We have finished our presentation. One last question of the Vietnam judge really bugs me off. He asked us about the security right after the bell ringing. I surely didn't get the point. Which part of security?

The webservice? Yeah, we have answered it using SSL.
The applet application? Yeah, we have answered it using PIN on the Card.

But, I think at the last moment he conclude that we have no security over the communication. Hmm.. WTF? Ow, he means the communication between the card and the terminal.

Sh*t! We forgot to mention about the External Authentication, which GP 2.1.1 standard can do. Anyone on the smart card industry would know that. Each smart card has its own mechanism to do authentication and our product is by far using the newest Javacard solution using CPG 2.04 key derivation. Hopefully, he see the last slide of the note.

I'm very confused, because whenever Adin, Dimas, and I try to rehearse, I am the one that falling to too many technical terms. I guess that what made me hesitated to talk and let the moment goes by.

Oh, well, whatever the result, I must go home with a proud. Our product by far is the finest solution that tries to combine all the needed solution to provide services integration.

Arrrgh... still having this regret, though....
Labels:

Comments

Post a Comment

Popular posts from this blog

STAN vs. UI

Ugh, kasihan banget adek gue. Saking kepinteran dia jadi dapet Akuntansi UI dan STAN. Jadi bingung mau masuk yang mana. Beberapa orang (termasuk orang tua gue), menyarankan masuk STAN. Gue malah memperburuk suasana dengan membela memasuki Akuntansi UI, maklum bela almamater. Duh, gue jadi merasa bersalah bikin dia ragu-ragu. Kira-kira enakan masuk mana, yah? Gue juga gak tahu keuntungan masing-masing. Hasil debat sementara: ~ Untuk jangka panjang masuk UI, untuk jangka pendek STAN. ~~Tapi, dia itu kan cewek, ntar pas menikah kemungkinan besar karir terhambat. Eits, ntar, dulu, sekarang kan jamannya emansipasi, bisa aja cowoknya yang jadi BRT. ~ STAN sarang korupsi, kalo masuk STAN jadi pegawai negeri. Kalo mau kaya harus korupsi. Tapi kalo masuk UI, lulus masuk jadi akuntan publik. Sekarang ini, orang membayar akuntan publik untuk memanipulasi nilai pajak dan aset. *SIGH*. Jadi gak ada yang beres ~ dll. Yah, udah gue jadi bingung, apa lagi dia nanya saran gue. Buah, gue gak pengalaman ...
62 comments
Read more

Installing Goodix Fingerprint Reader Driver on Fedora

I currently have a Lenovo Thinkpad L14 laptop equipped with fingerprint. I was `belok` from KDE Neon to use Fedora 40 because of someone. Now I am tempted to enable my fingerprint: lsusb | grep -i fingerprint Bus 001 Device 004: ID 27c6:55b4 Shenzhen Goodix Technology Co.,Ltd. Fingerprint Reader Dump the firmware Assuming this is a fresh install, lets do some magic by getting some dependencies: sudo dnf install gcc git python-pip python-devel openssl Let's get the source code: git clone --recurse-submodules https://github.com/goodix-fp-linux-dev/goodix-fp-dump.git cd goodix-fp-dump Create an isolated Python environment: python -m venv .v source .v/bin/activate Do the magic: sudo su pip install -r requirements.txt python run_55b4.py exit There are some python scripts available. I run run_55b4.py because my device ID is 27c6: 55b4 . It will spell some nonsense, which is a good thing. That nonsense actually the firmware captured by our device. Also, I typed exit becaus...
2 comments
Read more

Vibe Coding Workflow

I am currently working for having A.I. workflow for generating projects. There are two things that need to be tackled for that: 1) hallucinations; and 2) old codes. I have met several patterns to tackle those two and just need to formulate the patterns into a general flow. Thankfully, a video of building fullstack app using A.I. from Raf Dev channel inspired me to make the formulation. He used multiple A.I. engines to his need: He used Google Gemini to onboard his ideas and summarized it. He forked a boilerplate of NextJS project into a new project. Then, he added the summary from Google Gemini into a file for context. He used QWEN Code, a QWEN3 code engine that is a fork from Gemini CLI, to build the project. When working with an existing project, A.I. will take the whole project as a context. It also means that it will stick with the version used by the libraries. It also will try to update its knowledge based on the common pattern in the project. Most of the time, it will use the c...
Post a Comment
Read more