IO, AppEngine, ANC, Web Summit, Scaleway, DDoS, TPM, TLS, PGP, FIDO2, Nginx

  • Internet Objects - Hey guys, how about reinventing the wheel. XKCD #927 - Well, honestly I don't care. So far any format has been fine, XML, JSON, EDIFACT, CSV or whatever you'll come up with. I can do it, and I can work with it. Some formats are binary, some human readable, some more complex, some simpler. But in general, I love something like CSV. It's just what's needed without all that extra overload cruft. Other formats I've used extensively are [type, value] or [key, value] formats, which actually allow totally universal data structures after all. Same data, different format, no big deal after all.

  • Google Cloud AppEngine (@ Wikipedia) Python 3.8 support. Awesome! It's not lagging massively anymore as it used to.

  • Active Noise Cancellation (ANC) (@ Wikipedia) headphones are nice. But isn't it obvious that having keyword triggers would be nice? Like allowing hear-through mode when the user's name is mentioned?

  • Snowden's talk at Web Summit 2019 (@ YouTube) was excellent. Very good points. I do fully agree about the data collection. It's not about data protection. Why all that data "needs" to be collected. I personally prefer not to collect data whenever it's possible, if there isn't a great reason to collect the data.

  • Another very nice talk: Cyber warfare - in the context of major military innovations by Mattias Almeflo (@ YouTube). Lots of history and background information. Not a technical talk at all. Awesome stuff, yet nothing new. Loved that statement: "USB-memory-sticks are merely very unprotected high latency networks". ;)

  • Check Point Endpoint Security VPN - Crap-o-ware. Whatever you do, the application always automatically starts with the system. Even if auto start is disabled. Now I've got a process which kills this process. But hey, this kind of stuff shouldn't be necessary, if you didn't create such crap-o-ware in the very first place. - Thank you for pooping around my system. At least GlobalProtect and Cisco AnyConnect let you disable auto start, and it works without quirks.

  • Tested Scaleway (@ Wikipedia) Kapsules aka Kubernetes (@ Wikipedia) Clusters and PostgreSQL.

  • VanwaTech DDoS protection seems to cause a redirection loop. My single client with a single tab makes around 20 requests per second. If I open up 10 tabs, then I'll make 200 https requests per second. How many requests per second start to count as DoS? Or maybe they're testing it like SMTP servers did a long time ago, just let the clients hang, and let's see if they retry. If the client follows 10k redirects, then it's good? Uh. It seems that they're not banning my IP even if I've done over 200 requests per second for over 10 minutes (just by having their bad redirection stuff open in 10 tabs in the browser). Nah.

  • tpm.fail - Trusted Platform Modules (TPM) (@ Wikipedia) fail due to timing attacks allowing the private / secret key extraction. So much fail! Sure, we know, it's hard to implement constant time code.

  • Disabled TLS 1.0 and TLS 1.1 and 3DES on all servers, disabled all legacy ciphers, kex and macs on SSH servers, etc. Now everything is up to date, AES-GCM or ChaCha20-Poly1305 and SHA256 if possible.
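
As an added example (not from the post, nor OpenSSH's or nginx's own files), the policy just described written out as an sshd_config drop-in and an nginx TLS fragment, beside a small check that counts config lines still naming a legacy algorithm; the file paths and the "legacy" sample configs are constructed for the demo:

```shell
#!/bin/sh
# Added example, not from the original post: hardened algorithm settings for
# sshd and nginx matching the post's policy (no TLS 1.0/1.1 or 3DES, no legacy
# SSH ciphers/kex/MACs; AES-GCM or ChaCha20-Poly1305, SHA-2 MACs), plus a
# check that counts config lines still naming a legacy algorithm.
# Algorithm names are OpenSSH's and OpenSSL's; file paths are the caller's.
SSH_LEGACY='3des-cbc|arcfour|blowfish-cbc|cast128-cbc|aes[0-9]+-cbc|hmac-md5|hmac-sha1($|[,-])|diffie-hellman-group1-sha1|diffie-hellman-group14-sha1|diffie-hellman-group-exchange-sha1'
TLS_LEGACY='SSLv|TLSv1(\.1)?([[:space:]]|;)|3DES|DES-CBC3|RC4|MD5'

# write_hardened_sshd FILE: sshd_config drop-in with modern-only algorithms.
write_hardened_sshd() {
  cat > "$1" <<'EOF'
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
EOF
}
# write_hardened_nginx FILE: nginx TLS fragment, TLS 1.2/1.3 and AEAD suites only.
write_hardened_nginx() {
  cat > "$1" <<'EOF'
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
ssl_prefer_server_ciphers on;
EOF
}
# write_legacy_samples DIR: constructed "before" configs for the check to flag.
write_legacy_samples() {
  printf '%s\n' 'Ciphers aes256-ctr,3des-cbc' \
    'KexAlgorithms diffie-hellman-group14-sha1,curve25519-sha256' \
    'MACs hmac-sha1,hmac-sha2-256' > "$1/sshd_legacy.conf"
  printf '%s\n' 'ssl_protocols TLSv1 TLSv1.1 TLSv1.2;' \
    'ssl_ciphers HIGH:!aNULL:DES-CBC3-SHA;' > "$1/nginx_legacy.conf"
}
# count_legacy FILE DIRECTIVE_RE LEGACY_RE: number of lines for the given
# directives that still name a legacy algorithm; 0 means the file passes.
count_legacy() {
  grep -iE "^[[:space:]]*$2" "$1" | grep -ciE "$3" || true
}
count_legacy_sshd() { count_legacy "$1" '(Ciphers|KexAlgorithms|MACs)[[:space:]]' "$SSH_LEGACY"; }
count_legacy_nginx() { count_legacy "$1" '(ssl_protocols|ssl_ciphers)[[:space:]]' "$TLS_LEGACY"; }

# Demo: write the constructed legacy samples and the hardened files, then audit both.
demo_dir=$(mktemp -d)
write_legacy_samples "$demo_dir"
write_hardened_sshd "$demo_dir/sshd_hardened.conf"
write_hardened_nginx "$demo_dir/nginx_hardened.conf"
echo "sshd legacy/hardened flagged lines: $(count_legacy_sshd "$demo_dir/sshd_legacy.conf")/$(count_legacy_sshd "$demo_dir/sshd_hardened.conf")"
echo "nginx legacy/hardened flagged lines: $(count_legacy_nginx "$demo_dir/nginx_legacy.conf")/$(count_legacy_nginx "$demo_dir/nginx_hardened.conf")"
rm -r "$demo_dir"
```

Run the two count functions against the real files under /etc/ssh/sshd_config.d/ and the nginx vhost to confirm nothing legacy survived; the check is line-based, so a directive split over several lines is not covered.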

  • Microsoft Outlook FUBARs PGP (@ Wikipedia) clear signed messages. Thank you for that too. If the same message is sent to several platforms, all others can verify the signature without problems, except the Outlook desktop client. The signature itself is ok, but the data being verified is FUBARed. In this case, it's just better to send the messages as a binary attachment and forget clear signatures.

  • Google Chromebooks to provide built-in FIDO authenticator (@ Google Blog). That's very nice development indeed, of course they're using the Google Titan Security Key (@ Google Cloud) technology for authentication using an authenticator token. kw: FIDO2 (@ Wikipedia)

  • Tried to disable AES-GCM with NGINX but interestingly it seems that even that's not possible. There's no way to prefer ChaCha20-Poly1305 (@ Wikipedia) with the current Nginx version. So broken.

  • Figured out how to get the console to beep on the server, nothing new. Yet it required running modprobe pcspkr before it started to work. Now the server(s) can inform locally if there's something needing attention, without sending any notifications over the network.

2020-11-01