
Cloud, Certificates, s2n, TEMPEST, data mining, IPv6, PostgreSQL, Let's Encrypt, Latency, Data Protection

posted Jul 6, 2015, 6:13 AM by Sami Lehtinen   [ updated Jul 6, 2015, 6:13 AM ]
  • Checked out Trusted Cloud Europe - A policy documentation on how to create a secure and trusted cloud environment and agreements, and how Europe could get such an ecosystem built.
  • Something different: Meteor missile
  • RCC - check your system's trusted root certificate store. Do you have some certificates in your system which you really wouldn't want to have? I got this one: Number of 'interesting' items: 1 (Not part of baseline RCC1_STANDARD_MCP): 32F30882622B87CF8856C63DB873DF0853B4DD27: VeriSign Class 3 Public Primary
  • s2n -  a new open source TLS implementation - Is (?) there's a need for OpenSSL alternatives.
  • Stealing Keys from PCs using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation - TEMPEST stuff is nothing new.
  • Tested servers in UpCloud's new Frankfurt Zone with MaxIOPS, it all looked good! Frankfurt is a slightly better location to host services for the whole of Europe than London and quite a lot better for Nordics like Denmark, Norway, Sweden and Finland.
  • Excellent article Top 10 data mining algorithms in plain English. - It's really worth reading!
  • Ublock is a better alternative to AdBlock. - I'm now using it.
  • Had to disable IPv6 privacy extensions on some servers which are causing constant trouble using commands:
    netsh interface ipv6 set global randomizeidentifiers=disabled store=active
    netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent
    netsh interface ipv6 set privacy state=disabled store=active
    netsh interface ipv6 set privacy state=disabled store=persistent
  • Enjoyed some issues with IPv6 privacy addressing (RFC 4941) and SLAAC (RFC 4862). It seems that the privacy addressing might not remain disabled for unknown reasons. So annoying. Well, I'm pretty sure I'll find a solution for that. When I reboot the system, privacy addressing is again enabled. Aww... It seems that the only viable way to work around this is to configure a static address.
  • What's new with PostgreSQL 9.5 - BRIN (Block Range) Indices look really interesting. - A full listing of changes
  • When checking server logs, there's an amazing amount of different bots which crawl the sites. I just saw these two: PaperLiBot/2.1, uMBot-LN/1.0 and probably those aren't going to be the last new bots I see.
  • They're so right, people continuously downplay risks related to ICT systems. They always seem to think that we don't have any valuable data, and that nobody's interested in it. Well, that's exactly why many systems are such easy targets, because nobody thinks those would be targets in the very first place. Also most project related people always seem to think that security doesn't really matter at all. I've seen this happening over and over again.
  • Let's Encrypt is good and bad, it's always just how people consider things. Afaik, it's also kind of bad that after Let's Encrypt launches all sites serving malware will also be 'secure'. So it's up to the users to understand that using encryption has nothing to do with being secure.
  • It seems that service providers (Yes, at least three individual ones) clearly treat IPv6 as a second class citizen. If there are networking issues, IPv4 problems are resolved quickly, but fixing IPv6 issues, or even noticing those, can take considerable time. Up to days. Well, I'm pretty sure that situation is going to change in the future. One issue is still ongoing, it's ridiculous. Repeated outages and this time it's NOT about the configuration issue with MLD.
  • Maybe this is going to change that? - North America out of IPv4 space officially.
  • Once again really enjoyed reading The Economist, it's just an excellent magazine.
  • CloudFlare guys play with the network stack and try to shave off latency. A really nice post.
  • Finished reading the Handbook on European Data Protection Law (EU, European Union). - That was, well, a really horrible thing to read, but the topic is good. If you need to get some sleep, try reading this.
  • Had once again long discussions with colleagues as well as with friends about different cloud services, pros, cons and so on. It's impossible to say anything without a proper case study and testing. Of course you can set some kind of rule of thumb, like where the service is mainly used and do you just use it for backups, do you transfer a lot of data, what kind of access speed you need. Do you need a lot of RAM, CPU power, both, networking, SSD or traditional disks. Do you run Windows, Linux or do you want some kind of SaaS / PaaS and so on.
  • Google+ seems to think that you're probably liking posts you try to mute, because those activate you... So you'll end up getting just more of the stuff you didn't like! It's a good strategy if your goal is to annoy people. Everything that really upsets them is the stuff that will make them react. Even more than stuff that they like. ;)
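
For the IPv6 privacy-extension item above: a drift check that reports when the two settings have reverted (for example after a reboot) and, with -Fix, re-applies the four netsh commands from the post. This is an added example, not the author's script; it assumes Windows 8 / Server 2012 or later (NetTCPIP module) and an elevated prompt, and the function name Get-Ipv6PrivacyDrift is hypothetical.

```powershell
# Added example: report whether IPv6 privacy addressing has drifted back on.
# Assumption: NetTCPIP cmdlets are available (Windows 8 / Server 2012 or later).
param([switch]$Fix)

function Get-Ipv6PrivacyDrift {
    # Returns the names of the settings that are not 'Disabled' in the active config.
    $proto = Get-NetIPv6Protocol
    $drift = @()
    if ("$($proto.RandomizeIdentifiers)" -ne 'Disabled') {
        $drift += "RandomizeIdentifiers=$($proto.RandomizeIdentifiers)"
    }
    if ("$($proto.UseTemporaryAddresses)" -ne 'Disabled') {
        $drift += "UseTemporaryAddresses=$($proto.UseTemporaryAddresses)"
    }
    return ,$drift
}

$drift = Get-Ipv6PrivacyDrift

# Addresses whose interface identifier was generated randomly (RFC 4941 / randomized IID).
$randomAddrs = Get-NetIPAddress -AddressFamily IPv6 |
    Where-Object { $_.SuffixOrigin -eq 'Random' } |
    Select-Object InterfaceAlias, IPAddress, AddressState

if ($drift.Count -eq 0) {
    Write-Output 'IPv6 privacy settings are disabled.'
} else {
    Write-Warning ("IPv6 privacy settings have drifted: " + ($drift -join ', '))
    if ($Fix) {
        # Same four commands as in the post, applied to both stores.
        foreach ($store in 'active', 'persistent') {
            netsh interface ipv6 set global randomizeidentifiers=disabled store=$store
            netsh interface ipv6 set privacy state=disabled store=$store
        }
    }
}

if ($randomAddrs) {
    Write-Output 'Addresses still using a random suffix:'
    $randomAddrs | Format-Table -AutoSize
}

# Non-zero exit code lets a monitoring job or scheduled task flag the drift.
if ($drift.Count -gt 0 -and -not $Fix) { exit 1 }
```

Addresses generated before the settings were disabled can remain listed until they expire or the interface is reset.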