ReFS, DFS, TPC, StartSSL DV, Tor, Opsec, Ubuntu, Admin, Firewall, DOS, Zipf's Law, Fail

posted Jun 3, 2016, 9:34 AM by Sami Lehtinen   [ updated Jun 3, 2016, 9:36 AM ]
  • Experimented with ReFS using Windows 2012 R2 Data Center edition. Also tried Dynamic Disk, with Spanning, Striped and Mirrored volumes. Also performance tested all of those on the virtualization platform we're currently using.
  • Checked out Dynamic Frequency Selection (DFS) / Channel Allocation Schemes and Transmit Power Control (TPC). All related to 5 GHz WiFi / WLAN. Yet of course also more widely used with any modern mobile networking including cell phones etc, mobile data.
  • StartSSL had a minor SSL Certificate Authority issue, because they didn't properly validate domain ownership. StartSSL Domain Validation. Nothing new, in the sense that the whole CA arrangement is so bad. As said, being trusted by a CA doesn't really mean anything. Except being trusted by a CA, and that's not much.
  • Nice post by CloudFlare - The Trouble with Tor. Nothing new in that article.
  • ISIS Encryption Opsec - This link is here only from a technical perspective. But it's worth checking out.
  • Ubuntu on Windows - Nice, really nice. But what do we need the Windows for (?).
  • Some quite interesting cases with tax authorities. But unfortunately I can't go into any details. I'm just very curious what the outcome will be. All this privacy and rights discussion in Europe is very interesting.
  • Troubleshooting multiple different performance & failure scenarios with systems. Both at work and at home. Business as usual. Just pure bliss. The only good thing about all this is that I'm actually pretty good at this stuff.
  • Sometimes I just wonder about the actions which system administrators take. If a server is being attacked, what do you do? Start blocking traffic, or lower the defence to make it more probable (?) for users to get in. Aahhh... I don't think I have anything to say about this. If remote desktop NLA is eating a lot of resources to negotiate authentication, is it a smart move to remove NLA so the attackers can open remote desktop access? Of course this reduced the requirements on NLA and negotiation, but ... Oh well... It's better to just not think about these things.
  • Checked out Zipf's law and Zipfian distribution. Nothing new there actually.
  • Still can't stop loving smart engineers. If you've got code A which has a minor bug. No, we won't fix that. Instead we develop workaround B which requires 20x the effort and adds crappy clutter to everything and makes installation complex and configuration extremely unintuitive, requires additional documentation and honestly said is an extremely stupid 'solution'. All this because the clear issue A isn't getting fixed. - Next time when your car needs service, don't service it, just buy a new car and keep the old car's insurance and keep it stored in your garage or lawn. - So bleeping smart, but this happens over and over again. - Yeah, I admit it, it's rant time, but this isn't the first time for sure and won't be the last time when 'solutions' like this are done. - Extreme anti root cause attitude example. I wonder if it's incompetence or if they're just making an evil laugh when they're implementing Dilbert things. - This is the specification, how can we fulfill it in the craziest and most unusable way possible. But so that it's done exactly according to the specification, making fun of every potential loophole left there.