SSH, WebAuthn, Sandbox, Digital Euro, GRUB2
SSH login fail - What then? - But in general, I'm really wondering if nobody has ever actually thought about logging into the system when SSH isn't working. Never disable password login, it can be quite a bad situation when login only works with keys, which you can't provide. - Well, situation solved. I deleted the broken server, created a new one and restored from backup. But I can see why this isn't an optimal solution in many situations. I've also heard about people who don't always have up-to-date backups of their systems, in case the system suddenly gets AFU.
FIDO2 / WebAuthn / Firefox / Linux - Whoa, Finally. With Firefox 114 (@ mozilla.org) on Linux, FIDO2, WebAuthn is finally finally finally working again! Including passwordless logins (CTAP2 not only 2FA / U2F).
Configured Windows Sandbox for testing environments. This is awesome. I'm really wondering why I haven't thought about this earlier. Well, now I have. Yet this doesn't strictly limit access to network and file system, as you can do with bubblewrap on Linux. But it still prevents modifying data. Which is already a very good improvement over running programs without a sandbox.
Checked out new features in Linux kernel 6.4: the ext4, F2FS and btrfs improvements are very nice indeed, as well as WiFi 7 support. Let's see when the distribution I'm using actually delivers this version of the kernel, it might take a while. For special situations where raw NAND is used without FTL, YAFFS2 could be a good option. But at least I don't have such flash devices at all.
Digital euro (@ Wikipedia) project moves forward. EU released new updated press releases (@ ec.europa.eu). After reading the documentation, I don't know how it could be a bad thing. Some people seem to strongly oppose it, but why? It's great to have such alternatives. If there's something I've been wondering about for a long time, it's why European payments are outsourced to Visa and Mastercard, I think that's just silly.
Checked out Ventana high performance RISC-V CPUs. Interesting. I wish there would be more open source platforms like RISC-V (@ Wikipedia).
Compiled a SimpleX.chat client, XFTP and SMP servers for AArch64 (ARM64) (@ Wikipedia) architecture. Works beautifully. Nice, now it's possible to run the clients, bots, message and file servers on RPi and with other ARM systems like Ampere (@ Wikipedia) CPUs.
I wonder who has designed the Linux recovery procedures with GRUB2 (@ Wikipedia). It's about as user hostile as humanly possible. If you press ESC too slowly OR you've pressed it too many times, it won't work. First ESC press enters the boot menu and the second one exits it. It was an extremely frustrating process to log in from the console. Took me four attempts during 10 days. Fixed: Set manually static IPv6 and gateway & DNS info, allowed SSH over IPv4, opened the firewall for SSHv4 globally, set root password and allowed password login. - Now it's much easier to gain control of the system when necessary. - And this mess was caused by DHCPv6 getting broken with Ubuntu / Oracle Cloud. Maybe their RA doesn't advertise the managed flag or something. Didn't bother to check it out, but everyone else I know using Oracle had the same problem anyway.
The post above is quite a good example of balancing things. If you make systems so it's hard to gain control, it's hard. I also started to think that every system should just have a reverse root shell backdoor scheduler. If I need to gain access to a server, I'll just create some pseudorandom DNS record or file on some web server, and then point it to my IP. After waiting for a while listening on a specific port... Boom, I've got a root shell open. This would be incredibly useful when you need to take over systems, which are protected (read inaccessible) due to firewalls, VPNs and other silly requirements like 2FA or somewhat broken SSH configuration, and the list goes on, broken sudoers, etc.
Something different? Soft recoil gun. Nice and quite obvious idea, reduces peak recoil energy by 70%. Sorry no link, I couldn't find a suitable reliable source for long term linking. Magnetic Navigation using Earth's Crustal Field, Vision navigation.
2024-05-19