Outlook, Fwknop, Discard, Privacy, BunnyCDN, Fish, LetsEncrypt


  1. Again serious email problems with Outlook, this is a really painful experience. I wonder why anyone would choose such a service provider. - Sigh! It's kind of ironic that Outlook rejects email very easily for varying, more or less random reasons. But on top of that, when emails are being sent using Outlook, they're violating their own rules. Which is, well, just simply lulz. This also has the unfortunate side effect of bounces not working at all, because the message envelope from address is invalid. This is something so ridiculous that if I were running a similar service, it would be fixed in minutes. But I've been observing this bleeping behavior for years. - I really can't stop loving services which constantly pi** you off by being full of *it..

  2. Helped a friend install fwknop (@ cipherdyne.org), Single Packet Authorization (SPA) (@ Wikipedia) port knocking software, on a Linux server. It utilizes iptables (@ Wikipedia) and allows everything to be hidden behind the firewall until the correct cryptographic authorization packet has been received. This is a great way of minimizing the attack surface, because the running services are completely invisible before the authentication process is completed. The authentication server also sends no reply whatsoever on invalid attempts, so you don't even know if it's listening or present, making discovering it basically impossible, unless you can MITM (@ Wikipedia) the traffic and have seen earlier authentication traffic. But as mentioned, it still nearly eliminates the attack surface of the services running on the server(s) and provides strong service concealment. Yet again, these are things which can be done in so many different ways. - I've heard that some people use a similar process which is embedded in already visible services, like using a web server to provide SPA for other concealed services. Similarly it's possible to use non-published IPv6 addresses which are service specific, etc., and of course to limit the address space from which even the authentication is possible. Again a situation where multiple layers can improve protection, as well as limit brute force attacks, attempts etc. It all builds up. - Anything over anything, ssh or even telnet over websockets (@ Wikipedia), why not?

  3. Just realized that the latest iostat (@ Wikipedia) also shows IO discard / discard / trim / unmap (@ Wikipedia) operations in statistics, this is awesome. Earlier those just created "phantom I/O" and IOPS counts were high, even if no reads or writes were present. Now those are clearly shown separately. Good good! kw: Linux, discard, trim dscd, disk statistics, storage I/O, io operations, block storage

  4. Nice analysis: Shedding light on designing web features with privacy: risks, impact assessments, case study (@ lukaszolejnik.com). It's so easy to get things wrong or underestimate risks, unless proper analysis is done and action taken.

  5. Some of the BunnyCDN (@ bunnycdn.com) features are really nice, like Perma-Cache and Geo-Replication.

  6. Played with fish shell, and encountered these NTFS (@ Wikipedia) tools on Linux. Nice. I've been kind of missing some of those tools, but never actually really looked for those. Tools like ntfswipe and ntfscluster are really nice, and ntfsdecrypt (which I knew about) is really handy for data recovery, in case you happen to have the keys backed up. Hehe. - ref: ntfs-3g ntfscat ntfscluster ntfscp ntfsfallocate ntfsinfo ntfsls ntfsrecover ntfssecaudit ntfsundelete ntfswipe ntfs-3g.probe ntfsclone ntfscmp ntfsdecrypt ntfsfix ntfslabel ntfsmove ntfsresize ntfstruncate ntfsusermap

  7. Finally Let's Encrypt is starting to use ECDSA certs (@ letsencrypt.org). I've been waiting for this for several years. I've preferred ECDSA certs for ages already, but now you can have an ECDSA root as well. Btw. it's a great post with some technical and background information, it's not just a typical tech news press blooper release. kw: "CN = ISRG Root X2"

  8. A Cryptologic Mystery (@ mattblaze.org) - A nice story and a blog post. It's no news that random is really important for cryptography. kw: number stations, OTP, cryptographic, traffic analysis, Nein Nines attack.

  9. Something different? TAI TF-X fighter (@ Wikipedia)
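
For item 2 above (fwknop / Single Packet Authorization): an added example, not fwknop's code or packet format and not from the original post, sketching the server-side checks that let an SPA listener stay silent while still resisting a captured-and-replayed packet. The packet layout, `MAX_SKEW`, `build_spa` and `SpaGate` are all assumptions made for illustration; the request is authenticated but not encrypted here.

```python
import hashlib
import hmac
import os
import struct
import time

MAX_SKEW = 120  # seconds a packet stays valid (assumed value)

def build_spa(key, request, now=None):
    """Client side: 16-byte nonce | 8-byte timestamp | request | HMAC-SHA256 tag."""
    ts = int(time.time() if now is None else now)
    body = os.urandom(16) + struct.pack(">Q", ts) + request
    return body + hmac.new(key, body, hashlib.sha256).digest()

class SpaGate:
    """Server side: returns the request if authorized, else None.

    Every failure path returns None without sending anything, so a scanner
    or a wrong key learns nothing about whether the listener exists.
    """

    def __init__(self, key):
        self.key = key
        self.seen = {}  # packet digest -> packet timestamp (replay cache)

    def accept(self, packet, now=None):
        now = time.time() if now is None else now
        if len(packet) < 16 + 8 + 32:
            return None                      # too short to be a valid packet
        body, tag = packet[:-32], packet[-32:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                      # wrong key or tampered
        (ts,) = struct.unpack(">Q", body[16:24])
        if abs(now - ts) > MAX_SKEW:
            return None                      # stale capture
        # Drop cache entries that the timestamp check already rejects.
        self.seen = {d: t for d, t in self.seen.items()
                     if abs(now - t) <= MAX_SKEW}
        digest = hashlib.sha256(packet).digest()
        if digest in self.seen:
            return None                      # replay of an observed packet
        self.seen[digest] = ts
        return body[24:]                     # e.g. b"tcp/22": open this port

if __name__ == "__main__":
    key = os.urandom(32)                     # constructed sample key
    gate, pkt = SpaGate(key), build_spa(key, b"tcp/22")
    print(gate.accept(pkt), gate.accept(pkt))
```

The replay cache only needs to remember digests for as long as the timestamp window would still accept them, which keeps its size bounded.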

2021-11-21