OVH, Session, FemtoStar, CRL, PsyOps, Scrum, SimpleX
Lots of tuning. OVH (@ Wikipedia) dedicated servers, backup storage, automated backup. Maximizing SSH security. Traffic allowed only from whitelisted networks, to only IPv6 management addresses, which aren't used for anything else and so on. Authentication only using keys, keys password protected, passwords encrypted and stored separately etc. Nothing new, just executing it as it's supposed to be done and as it should always be done. Even if someone had the keys and passwords, they still couldn't access the systems unless they were connecting from the very limited whitelisted admin networks. Using jump hosts (bastions), etc.
Some thoughts about Session (@ Wikipedia). The company is in Australia, which isn't well known for its privacy laws. The messenger runs on LokiNet with Oxen tokens; what's the point of involving cryptocurrency here? Incentive to the administrators? But it doesn't matter who runs the servers, if the software is closed / centralized. This is the same point I make about many cryptocurrencies. It's not distributed if the majority of nodes run a single code base. The protocol lacks forward secrecy and deniability. Also, messages are stored on the nodes even if deleted by clients. Their social media marketing is ridiculous; they focus on the wrong things. And it's not publicly known who's administrating, making decisions and actually funding this project.
Had some interesting chats with the FemtoStar team. That's a very interesting project; the team is small, the task is huge. But they seem to be really thoughtful, smart and making good progress. I hope the project will be a great success.
Let's Encrypt is bringing back CRLs, even if I've (and everyone else?) been using OCSP for a good while. Bloom filters, again. I've been using Bloom filters quite often lately, they're everywhere. I also noticed that my Firefox didn't have CRLite enabled; everything else was good in the config. End-to-End Design of CRLite (@ blog.mozilla.org). Yet I personally prefer to use OCSP stapling with my servers.
Good points, there are options to harden Firefox, like setting security.remote_settings.crlite_filters.enabled = true, security.cert_pinning.enforcement_level = 2 and security.OCSP.enabled = true.
Sweden launched an official PsyOps site, nice. Psychological Defence Agency (@ mpf.se). And their campaign site: Don't be fooled: "Magicians aren’t the only ones who can manipulate and deceive" (@ bliintelurad.se). To be honest, it's not a bad site at all. Good information for people who aren't familiar with the topic. As an example, the distinction between disinformation, misinformation and malinformation is very clearly presented.
Spent a few days reminding myself about Scrum (@ Wikipedia). kw: requirements volatility, unpredictable challenges, product owner
Improved many data erasure related shell scripts. Clarity, performance, etc. Added more checks; for example, blkdiscard is only called if the device supports discard / trim etc. All data erasure is centrally logged, including drive serial numbers etc.
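A sketch of the discard check and erase logging described above, as an added example rather than the author's own scripts. The `SYSFS_ROOT`, `ERASE_LOG` and `DRY_RUN` variables, the function names and the log line format are assumptions; with the default `DRY_RUN=1` nothing is written to a device.

```shell
#!/bin/sh
# Added example (not the author's script). SYSFS_ROOT, ERASE_LOG and DRY_RUN
# are assumptions of this sketch; DRY_RUN=1 (default) never touches a device.
SYSFS_ROOT="${SYSFS_ROOT:-/sys}"
ERASE_LOG="${ERASE_LOG:-/var/log/erase.log}"
DRY_RUN="${DRY_RUN:-1}"

# Succeeds only if the kernel reports a non-zero discard limit for the device.
supports_discard() {
    f="$SYSFS_ROOT/block/$1/queue/discard_max_bytes"
    [ -r "$f" ] || return 1
    max=$(cat "$f")
    case "$max" in ''|*[!0-9]*) return 1 ;; esac
    [ "$max" -gt 0 ]
}

# Prints the drive serial: sysfs attribute (NVMe), then lsblk, else "unknown".
drive_serial() {
    f="$SYSFS_ROOT/block/$1/device/serial"
    s=""
    if [ -r "$f" ]; then
        s=$(tr -d ' \n' < "$f")
    elif command -v lsblk >/dev/null 2>&1; then
        s=$(lsblk -dno SERIAL "/dev/$1" 2>/dev/null || true)
    fi
    printf '%s' "${s:-unknown}"
}

# Logs device, serial and chosen method, prints the method, and calls
# blkdiscard only when discard is supported and DRY_RUN is not 1.
erase_device() {
    dev="$1"
    serial=$(drive_serial "$dev")
    if supports_discard "$dev"; then method=blkdiscard; else method=no-discard; fi
    printf '%s dev=%s serial=%s method=%s dry_run=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$dev" "$serial" "$method" "$DRY_RUN" \
        >> "$ERASE_LOG"
    printf '%s\n' "$method"
    if [ "$method" = blkdiscard ] && [ "$DRY_RUN" != 1 ]; then
        blkdiscard "/dev/$dev"
    fi
}
```

The log entry is written before the device is touched, so an interrupted erase still leaves a record; shipping `ERASE_LOG` to the central log host is left to whatever log forwarding is already in place.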
Tested and experimented with automatic platform resource management and hot system resize features. Adding resources like memory and CPU cores worked fine with Linux. Windows used extra cores, but didn't accept extra memory without reboot. And finally, hot resize only allows upgrading servers, you can't downgrade. Which means that it can help in some very rare situations, but in general it won't allow auto scaling. Unless your platform is designed to be run as smaller modules, which can be started and fully shut down based on the on-demand platform load.
Scrumban (@ Wikipedia) - Nice way to limit open tasks while Scrumming. Nice mashup.
SimpleX.chat (@ simplex.chat) checked out. It looks quite simple and I like it. It could be my favorite chat app so far. I have to read all the documentation, blog, configuration stuff, and maybe slightly check the source code, etc.
Something different? Watched Tehran and The Bureau (in the background as usual), quite nice TV series. Yet nothing new.
2023-10-22