ISO20022, Matrix, RSA, Oracle Cloud, DDR4 RAS

  1. Had so much fun dealing with ISO 20022 (@ iso20022.org) XML messages. This time it was enough to read the messages. But I had to craft full new messages; creating is always so much harder than just reading relevant data.

  2. Matrix / Element - Dehydrated devices support is finally available in beta labs: "Offline encrypted messaging using dehydrated devices". This is one of the features I was really keenly waiting for earlier. Yet now that I'm using Matrix a lot, it doesn't feel so important anyway. But for more or less random users, this is really important, because otherwise they don't have any trusted sessions. Not forgetting features like audio messages and the new spaces (which replace old communities later).

  3. The Full Story of the Stunning RSA Hack Can Finally Be Told (@ wired.com). I would have designed the RSA system differently: I would have generated and entered the seeds locally on the end device. Because data that RSA doesn't have can't be stolen. Sometimes I feel like many centralized control systems are designed just to be centralized back doors, if there's no real reason for having the keys in a central location. Only two parties need to know each other's secrets (in case of a shared secret) for zero knowledge proof. There's no reason to share the secrets with anyone else. - But I personally prefer the option where the user generates the key pair and it's linked to an ID, forming an ID - Public Key relation; then the authentication party (or anyone else) doesn't need to know the private key, all they need is the public key. In the best case, like with FIDO2 fobs, it's held in the HSM and can't be extracted (at least easily). Yet some people dislike this solution, because you can't back up the key. Well, that's kind of the whole point of it. If needed, re-authenticate or have multiple keys.

  4. Malicious.life - Episode-117 (@ malicious.life) - Most interestingly, this story conflicts with Wired's story. Wired says they were breached and secrets stolen, but this story says the keys weren't stolen. Highly confusing. Well, with old stuff, and usually covert stuff, it's nearly impossible to tell what the truth is.

  5. Wired | Malicious Life (EP 117) - RSA Hack stories conflict seriously. Wired says they were breached and keys used, but the Malicious Life story says that the keys weren't stolen or used. Which story is right? - Got a reply from Malicious Life on Twitter, claiming that their story is right. Yet no comments from Wired.

  6. Enabled IPv6 (@ Wikipedia) with Oracle Cloud; it's a pretty good example of how not to do things. Well, the Cloud Control Panel was quite straightforward using the instructions. But the Oracle Linux, it's broken on so many levels. I had to debug incoming network packets, so I was sure that the issue wasn't on the cloud platform / VNIC side, but it was on the Oracle Linux operating system & configuration side. Because I saw the incoming IPv6 network traffic, I knew it was the operating system and its configuration causing the malfunction. First of all IPv6 is disabled, then IPV6INIT is disabled and then DHCPv6 isn't working. Things like this shouldn't take several hours. No wonder nobody uses IPv6 because "it doesn't work", without lots of work to make it work. Sure, IPv6 works if I run the DHCPv6 client manually. As usual, a lot of conflicting documentation and disinformation and bad instructions and random guessing and bad results. - Pretty much a perfect example of how things shouldn't be done. - This is usually just the case which I say that nobody should ever do. Because it easily leads to a situation where more harm than good is done. - Pretty close to the OVH IPv6 support, which is extremely bad and hard as well. Most cloud solutions have seriously broken IPv6 by default; unfortunately not much has changed during the years. Yet of course it's progress that even if it's painful, it is even possible to enable IPv6 by jumping through all the hoops, moats, tricks, traps and loops. - Well, after everything was working, the next reboot seems to have erased the key settings from the configuration files. - Soo awesome. - Well, I added the dhclient to the rc.local file to daemonize immediately in ipv6 mode and now it works. - Very brittle and extremely messy stuff. - Total time to enable IPv6 on a single host, around 4 hours, and it's still a bad kludge solution. Nightmarish.

  7. Read a long document or a short book about DDR4 RAS - Reliability, Accessibility and Serviceability (RAS)

  8. I think there has to be a race condition with the new page creation on Google Sites, because this new page creation works in totally random ways. Either they're bad developers, or expert trolls.
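
The shared-secret design from item 3, as an added example that is not from the original post: the seed is generated on the token and enrolled only with the verifier, so no third party holds a copy to steal. RFC 4226 HOTP stands in here for SecurID's own algorithm, and the `Token` and `Verifier` classes are hypothetical names.

```python
import hashlib
import hmac
import secrets
import struct


def hotp(seed, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Token:
    """End device (hypothetical): the seed is created here, not by a vendor."""

    def __init__(self, seed=None):
        self.seed = seed if seed is not None else secrets.token_bytes(20)
        self.counter = 0

    def next_code(self):
        code = hotp(self.seed, self.counter)
        self.counter += 1
        return code


class Verifier:
    """Authenticating party (hypothetical): the only other holder of the seed."""

    def __init__(self, look_ahead=3):
        self.enrolled = {}  # user id -> [seed, next expected counter]
        self.look_ahead = look_ahead

    def enroll(self, user, seed):
        self.enrolled[user] = [seed, 0]

    def verify(self, user, code):
        if user not in self.enrolled:
            return False
        seed, expected = self.enrolled[user]
        # Tolerate a few codes that were generated on the token but never submitted.
        for counter in range(expected, expected + self.look_ahead + 1):
            if hmac.compare_digest(hotp(seed, counter).encode(), code.encode()):
                # Move past the matched counter so the same code cannot be replayed.
                self.enrolled[user][1] = counter + 1
                return True
        return False
```

With the key-pair option the post prefers, the verifier would store only a public key, so even the `enrolled` table would hold nothing an attacker could use to impersonate the user.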