VLC, Teams, SimpleX, E-sail, Rapid Reset, Security, SLSA

1. Interesting times, gas pipeline between Estonia and Finland damaged as well as optical fiber telecommunication cable. - Let's see if anything follows from this. - It turned out that basically nothing.

2. Windows patches as important as ever. October 2023 package contained 104 fixes, 12 critical ones and three zero days. I really hope people won't leave systems unpatched. - Yet that wouldn't be news.

3. SimpleX Chat review by Seth for privacy (@ freedom.tech ) - Very nice, I've got nothing to add.

4. New Teams ala Microsoft is the morning annoyance. It seems that their incompetent team hasn't been able to implement forward message on desktop for several years. The issue still persist, it's probably too hard for their desktop team. Yet, of course you can always use the mobile app to handle forwards. But somehow that's just stupid and indicates how badly their client development is managed. - Similarly Element Desktop and Android behave differently when forwarding content. Desktop forwards files, but Android reports. Who's the bleeping designer behind this consistent UX?

5. Noticed that VLC doesn't support Versatile Video Coding (VVC, H.266) (@ Wikipedia) yet. Well, when that support arrives, then next in the queue is - MPEG-5 Essential Video Coding (EVC) - (@ Wikipedia) -.

6. E-sail plasma break tests (@ esa.int) with ESTCube-2 satellite. Interesting development. Joint operation with Estonia, Finland and Germany of course under European Space Agency (ESA). Plasma break should drop the satellite more than 20 km / year.

7. The novel HTTP/2 ‘Rapid Reset’ DDoS attack (@ cloud.google.com) - Doesn't really surprise me. There's nothing special about that. Protocol is followed and all is good. If the server side accepts such flood well then. Quite similar compared to the case, where random byte ranges were requested from remote server quickly. Which has unfortunately lead to many servers to block efficient seeking on media files.

8. National Security Overview 2023 (Finland) (@ supo.fi) - A special attention was paid to intelligence and influence operations and cyber security. Read also thoroughly the latest 2023 documentation and reviews about supply chain security and software security. Including organizational implementation, responsibilities, secure software development principles, fulfilling security requirements and best practices. kw: national security, cyber security, information security, National Cyber Security Centre Finland (NCSC-FI)

9. Updated to using latest matrix-commander (@ GitHub). It's excellent and works well. I were expecting problems since last update was about 5 months ago. Matrix commander is wonderful and makes integrating programs, sending and receiving encrypted messages trivial.

10. Passkeys (@ Wikipedia) : I've been so annoyed that it didn't work properly with Google. But freaking finally, today I tested it again, assuming it's still broken and it worked perfectly. - Great, yet it required reregistering the keys.

11. Wrote a long report to ISPs NOC about networking problems between specific ASN pairs. Let's see what the answer is. It's probably internet is broken and we don't care, as usual. Yet the only nice thing is that the issues only affect IPv4 traffic, IPv6 traffic flows unhindered.

12. Software supply chain security (SSCS) documentation 2023 for corporations. kw: CI/CD, CRA, DevOps,  DevSecOps, ISO 270001, NIS2, NIST CSF, Operational Technology (OT), OWASP, PCI-DSS, SBOM, SDLC, VAHTI (Finland), Cyber Security, Software Security, Information Security, Responsibility, Risks, Shift left, EC 62443, Bug Bounty, Secure by Default, Hardening, Secure Coding Practices Checklist, Katakri (Finland), Cybersecurity Capability Maturity Modeliin (C2M2), Software Assurance Maturity Model (SAMM), Secure Software Development Framework (SSDF),  Application Security Verification Standard (ASVS), Cyber Recilience Act (CRA),ISO 27002, Supply-chain Levels for Software Artifacts (SLSA), Software supply chain security

13. Final fresh remarks: Google Sites editor also finally works. It doesn't work in a random manner when creating new posts or hang with saving anymore. Kind of surprised that they managed to fix this obvious flaws. I complain a lot, but now it's finally good. Approved! - Just like anyone would care.

2024-08-11