Backblaze, FIDO2, Journald, Security

  • Backblaze opened their European Data Center (EU Central) in Amsterdam. This is great news, I've been waiting for it. EU location was one of the major benefits of Wasabi. But now B2 is a much better option, especially because Wasabi invoices for at least 1 TB of storage, whereas B2 invoices at GB granularity. Also Wasabi had the strange 90-day minimum object-lifetime invoicing rule. So if you saved something and deleted it, you had to pay for 90 days of storage anyway. Also see some background information about their EU DC project and why Finland ultimately wasn't a viable option.
  • Yuck, FIDO2 login to Windows requires the use of a Microsoft Account; that's not pretty at all.
  • Had to deal with Proxy auto-config (PAC) files. Amazingly annoying format. But by writing some horrible code, I got it sorted out in a sufficiently bad way. Another example of a complex and powerful standard making things messy and leading to an extremely bad kludge implementation which works only in very specific situations. Honestly, manually configuring the proxy would be a better option. But now it "works" as required.
  • Your Credit Card leaks your private information. The spy in your wallet - Great article by The Washington Post. They forgot to mention tokenization, which is just one scam word to hide the fact that your info is being sold. Yet, I might prefer it over having alternate worse authentication methods, like apps.
  • Browser Fingerprinting @ Tor Project Blog. A nice summary posting. Yep, nothing new out there. It's obvious that all information you're giving out will be used against you.
  • While studying some issues with Linux servers, I studied journalctl, journald and /var/log/journal content very carefully, and set new parameters in journald.conf in /etc/systemd. Basic stuff of course. But I haven't ever had the need to dig into that stuff so deeply. It's just like Event Viewer for Windows. Sometimes you need it, but most of the time you don't. In the case of Windows, default logs are often too small. But in the case of Ubuntu the default journal log size of 4 GBytes is more than enough. And it's good to notice that the retention time is unlimited, as long as there's enough storage space. Journald @ Wikipedia. Yeah, it's pretty obvious why this is better than syslog alone. Nice post about journalctl basics. While not forgetting the journalctl @ Debian man page.
  • Long FIDO2 discussion about HSM modules with different people. Some really dislike the idea of using an HSM module, some prefer software solutions. Some think that SMS is the best option, etc. Sure, there are different security requirements and levels. Of course it's much easier to use email and a simple password to login than to need to have a USB HSM (FIDO2) token with you. It also depends on how often you need to authenticate. Some people prefer saving everything in their browser and were like, what, why would you need something physical. Then I told them about Firefox soft-tokens and they loved it. Yet, I still don't know where that data is saved. So unless they've set up alternate account recovery information, when the browser for some reason loses the soft-tokens, they can't login anymore and so on.
  • Network security: While walking outside, I found an open fiber network distribution rack cabinet. Funny stuff. Fiber switches, heating, cooling and power equipment. Totally unlocked, great work ISP guys. That's the way to go. Anyone can access power, UPS, steal, sabotage, damage or just tap the equipment. I'm just wondering if that's done correctly according to all the safety regulations.
  • Had some network and system security meetings. The only thing you can conclude is that you can take security measures adequate to the estimated risk level. That by no means means that the systems would be actually secure. Because that's just really hard as we know, nearly impossible, and the cost of doing it would be really infeasible. But getting that security level right can be hard.
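The journald.conf parameters mentioned in the journald item above, as an added example that is not from the post: a fragment that bounds journal size and retention explicitly instead of relying on the defaults, so logs stay available for investigation without filling the disk. The values are illustrative assumptions, not a recommendation for any particular host.

```ini
# /etc/systemd/journald.conf (added example; values are illustrative assumptions)
[Journal]
# Keep the journal on disk across reboots so it is still there for later investigation.
Storage=persistent
# Cap the total space the persistent journal may use.
# The default is 10% of the filesystem, capped at 4G, which is where the "4 GBytes" comes from.
SystemMaxUse=2G
# Always leave at least this much free on the filesystem for other data.
SystemKeepFree=1G
# Rotate to a new journal file at least this often (default: 1month).
MaxFileSec=1week
# Drop entries older than this. The default (0) means no time limit at all,
# only the size limits above apply.
MaxRetentionSec=3month
# Also hand entries to a local syslog daemon, e.g. for shipping off-host.
ForwardToSyslog=yes
# Apply the change with: systemctl restart systemd-journald
```

Check the effect afterwards with `journalctl --disk-usage` and `journalctl --verify`.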

2020-09-13