OVH, Duplicati, Netlify, Vulnerabilities, TRNG, JWST


  1. Again with OVH, bad user design, and inconsistent user experience and illogical processes, create lot of user support requests / tickets, which wouldn't be necessary at all, if the user wouldn't be so confused about the bad and inconsistent information they were provided to begin with. This is one of things which is something that many developers do not simply get. - Every time when I encounter some question which was caused by bad UI / information / inconsistent messaging, I answer to the question. But I also fix the underlying cause which cause the question. But just as I stated in the previous post about Matrix / Element UX, some just don't get it. - On top of that with OVH, then their helpdesk gives you some kind of idiotic answer which doesn't help you at all. But isn't that the classic way of trolling? Situation remains unclear and nobody (probably even the helpdesk) doesn't know what's actually happening. All parties are just confused about what's happening. That tells that there's huge problems which go really deep within the organization.

  2. Again with Duplicati, as with so many other software developers. They do everything to avoid fixing the issue. Is it better to spend 10x time explaining why something can't be fixed, instead of fixing it? - Oh well, just as with some other random projects, sometimes it's just best to avoid companies and or their software completely. Because the problem isn't even the bad code or service, it's their overall mentality about how things are handled.

  3. Just a few days ago I ordered something from a online store. It was shipped to wrong destination. After making complaint to the store and shipping company, both blamed the other party. Absolutely expected result and great job.

  4. Just learned about: Netlify allowing custom HTTP headers (@ docs.netlify.com), that's awesome. Implemented it right away. And results, improved security, and caching a lot.

  5. Schneier on Security blog got nice post about: Hiding Vulnerabilities in Source Code (@ schneier.com) - Good old Unicode tricks at play, haha. ref: CVE-2021-42574, CVE-2021-42694

  6. Got involved in entropy discussion, people running extensive Diehard (@ Wikipedia) runs against my TRNG (@ Wikipedia). Oh well. One interesting this is how you should exactly interpret the results. But as it was in one Dilbert strip, with random you can never be sure. - Yet they tormented me. I delivered around 4 TB of data from my TRNG for them to verify and after that they were happy. Was it worth of it? Probably not? But I got a bunch of hardcore random Diehard freaks, that now "trust my random". Duh... No, the random was TRNG random directly and not the information derived from my random page, even if the random pages seed is constantly update from TRNG.

  7. James Web Telescope JWST launch is nearing. Read quite a lot about it, because I'm expecting it to have very advanced and interesting solutions. Just the thermal shield alone sounds really scary, I mean, does it deploy properly? If not, it would be such a huge loss. All the booms and sliders and temperature differences and, oh well, what could go wrong? Let's hope everything will go perfectly. kw: L2 Halo Orbit.

  8. Improved and checked HTTP headers for many sites: Content-Security-Policy: default-src 'self', X-Frame-Options: DENY, X-XSS-Protection: 1; mode=block, X-Content-Type-Options: nosniff, Referrer-Policy: strict-origin - Yet especially with static sites without any user provided content the CSP feels bit silly. If content can be modified, well then it can be. And because everything is over HTTPS already, well. At least it limits chaining loading from untrusted resources and integrity tags can be provided for libraries, etc.

  9. Also had much fun with social media Open Graph (@ Wikipedia) tags and Twitter cards and other meaningless stuff.

  10. Lot's of tech stuff, can't really say what it is. At the same time is stressful and worrying, but also I'm kind of optimistic, hopefully we'll find answers to some of the questions which have been bugging me for a long time. Maybe at later date I can tell you more about this experience. On the other hand, facing fears and doubts is generally a good thing, then it removes the related uncertainty.

2023-01-08