Proxy, GDPR, IO Ninja, Babel, Users, Twitter, MergerFS, Tails, TLS, OWASP, IPv6
Many seem to forget that standard Windows supports port proxy features out of the box. kw: windows, portproxy
GRPD fines. GDPR isn't a joke. 200k€ for maintaining unnecessary customer records and 15k€ fine for losing USB stick with customer information and not reporting it properly. This is a good reminder to everyone that you should take proper care of customer records.
Wanted to try IO Ninja for MitM:ing some connections. Yet the trial license generation didn't work. It just gives totally awesome impression about software quality, when it fails before you can even use it. - Well, it was over hyped software anyway. I just replaced it by pure Python 3 script which contains less than two hundred lines to get the required functionality.
Studied Babel routing protocol. Which can be efficiently used to route messages in MESH networks with multiple parallel and potentially unreliable links. And checked out Disaster.radio - A nice idea and great hobby learning project. Even if it might not be the most practical solution. kw: ETX, DSDV, AODV.
Things end users care about but programmers don't - This list made me smile. Well, I guess I've written about most of the topics on this list in my blog already. - Yet some of the things can come up in totally wrong step of process. Like as example the discussion about user interface buttons. Kind of bike shedding.
Twitter new ToS and Privacy Policy. Maybe I've just got too much time or I'm seriously bored. But let's see if there's anything interesting in the 2020 contracts. It didn't contain anything surprising. I also decided to read WhatsApp Privacy Policy just to remind myself.
Can't stop loving mergerfs, it was just so quick and trivial task to add extra disk space to server. Just lovely. It took about 3 minutes to add extra disk to servers disk pool. With many other platforms, it's much harder than that. Connect disk, add gpt, create partition, format, create mountpoint, mount partition, add disk to fstab, create merger fs directory and connect the directory to the mergerfs union file-system. This also makes removing if required the disk later, absolutely trivial. Just remove it from the pool, move files from the drive to the pool, and remove disk from fstab and then remove it manually.
Tails - turns 10! - So the time passes. But previous live privacy distributions were great, and Tails is the leading privacy solution currently. I recommend checking it out.
TLS security and hype - Putting things to perspective. One customer was really worried about TLS10 being totally insecure. Yet the same time their systems are configured to skip certificate trust chain verification completely. So any self signed random SSL cert is just fine. TLS10 attacks required MITM and certificate verification skipping makes MITM trivial. So which one is the bigger risk. I'm just wondering, not saying anything. (Year 2019)
OWASP Top 10 2017 file naming made me laugh. They have intentionally named the report file as .pdf.pdf for what? People who are hiding file extensions and are worried about file type, or? Kind of funny. Or maybe they made it just to troll people. I would have named it for fun as .exe.pdf so someone would complain that we're serving .exe files. Ha ha.
Every IPv6 address has-a.name. Now you can use IP-V6-ADDRESS.has-a.name format with programs which do not handle [IP:v6:addr::] formats properly. As bonus, because it's real DNS name, you can get SSL certs etc with it. No need to get domain or subdomain from someone. Everyone got a address.
Something different? Seasonal thermal energy storage.
2020-11-22