Briar, WebSub, IPv6, Certbot, SSDP, IIS, SFTP
Briar, WebSub, IPv6, Certbot, SSDP, IIS, SFTP
- Studied Briar mailbox / repeater - After quick look, it looks nice. Of course large groups would be a major problem. But on such privacy focused tool, large groups are also quite unlikely. Briar @ Wikipedia.
- Studied WebSub - PubSub over HTTPS - WebSub @Wikipedia. - This one should be obvious and trivial, let's see if there's anything worth of mentioning in the documentation. No wonder it sounded familiar it was called earlier PubSubHubbub. HMAC signatures is nice feature, so no trivial spoofing, hub.secret. Subscriber callback address confirmation using hub.challenge got nice touch. The security and privacy review at the end of the specification made me smile, good stuff.
- Funny error messages. Windows says that device has requested 0 percent of channel bandwidth and it can't be allocated. Say what? Sounds really silly.
- Pure rage, Microsoft stores malformed IPv6 addresses in event log. Are they really that incompetent? Event ID 1149. IPv4 addresses are there nicely, but IPv6 addresses are messed up. I just hate all kind of inconsistent junk, which adds code complexity and creates potentially dangerous bugs and makes testing and development much slower than it should be due to excess time spent on figuring out seemingly trivial things which are overly complicated. - Confirmed, Microsoft has screwed it up. Addresses are seriously malformed and totally invalid. like 0:0:1:2:3:4::%945458754 - Thank you guys for that too. How about just 1:2:3:4:5:6:7:8. All this adds so much complexity and wasted effort. Thank you for making software development 'efficient'. - Is this a bug or intentional sabotage and making things complex just for fun? - Required a workaround to be added and modified some code. Once again. - Anyway, if someone knows why addresses are in that format I'm honestly curious, nobody seems to know.
- Enjoyed satellite data transfer. Amazing speed ~35kilobytes / second, ahh. That's so enjoyable when you've got gigabytes to transfer. Of course the connection is also lost all the time etc, but luckily I'm using protocols which deal with that just fine.
- Security event guard rails, where to pay attention, and if alerts should be triggered or threats automatically mitigated.
- Interestingly Certbot @ EFF now uses port 80 to check hosts, earlier it was able to use 443 to check .well-known acme challenge. You might guess, if port 80 was blocked, because it's totally useless. And if that caused certificate renewals to fail.
- Stupidly Simple DDoS Protocol (SSDP) generates 100 Gbps DDoS - Just more UDP reflection amplification attacks.
- Amazing problems again with Clonezilla @ Wikipedia, it just doensn't work and debugging takes huge amounts of time. Well, that's life in IT sector.
- IIS (Microsoft Internet Information Services / Web Server) @ Wikipedia decided to break down during weekend, nobody knows why it won't run the required programs. It just gives internal server error (500), it has been verified that user rights are right as well as the programs run perfectly. In matter of fact the IIS doesn't even load the services, but why? Nobody knows. Lot's of frustrating debugging is required, no configuration changes have been made. Oh joy. all the error messages are out of my error message troll post, and do not give any indication what the actual problem is. But it will be figured out eventually. It's just such a huge waste of time. I'll get back to this when I've found the reason. Only bad thing is that these random hard to debug issues cause production downtime. - Finally after sleeping over it I found out the reason. There was file called "program" in the root of C-drive. I really don't know why this cause IIS to fail, but it did. After removing that file, everything started to work again.
- I configured SFTP @ Wikpedia only accounts, with corresponding restricted directories with Nginx @ Wikipedia on Linux. That also required some tuning, but it was still fun, because it required several steps, but all of those were quite clear and solvable. So sure, some work, but not enragingly pointless trial and error without any clear hints. Only thing which is still missing is configuring the default directory. No, it's not ok to the default directory to be configured as home directory. But it's required to change directory right after login. With SSH this is trivial, but with sftp I'll still need to find a way.
2020-05-24