Canarytrail, POF, HTTPX, SSPI, HTTP, Credentials, Ricochet

  • Canarytail @ GitHub - This is a wonderful standard concept and template for warrant canaries @ Wikipedia for different kind of services.

  • Plastic optical fiber (POF) @ Wikipedia. It remains to be seen when standard copper LAN networks will get replaced with optical ones. But cheaper technologies are coming all the time, while copper cables are turning into more and more complicated ones all the time. kw: IEEE 802.3bv, 1000BASE-RH

  • The Gandi data loss case made me kind of smile. Yet another example, why you shouldn't trust cloud. Always, always, have off-site and off-line backups. Sure you might not get the latest data if you'll have to restore the data. Which hopefully you'll never need to do. But it's still a much better option having nothing. - It's important to put things to scale. In normal operations it's really easy forget how wide the problem spectrum can be.

  • HTTPX @ - This is nice. Something I could certainly use when necessary. Looks like pretty trivial library to use. Certainly much more nicer than the standard http.client or the urllib, which might be bit tricky to user, if you're not familiar with those. Of course the HTTPX also brings the HTTP/2 support, if that matters.

  • Also checked out Security Support Provider Interface (SSPI) @ Wikipedia. Yet currently it seems unlikely that I'll never need to use it. But who knows, at least if it comes up, I'll know what it's all about. kw: NTLM, Kerberos, PCT, SSP, CredSSP, DPA, PKU2U, GSSAPI

  • HTTP headers for the responsible developer @ Twilio - Anything new? Let's see. HSTS, CSP, Cache-Control, CORS. Oh, but the parameter immutable is something new, interesting. Accept, Accept-CH, link headers are nice, especially with HTTP/2 push features, including prefetch and preconnect. Feature-Policy was a new thing for me as well. Yet I generally don't want to include any third party junk, so it's not useful in that situation.

  • While updating credentials & email addresses I found out funny things. Like one bank is using HTTP for their web bank from their front page. Sure it'll later redirect to HTTPS, but that's still way stupid approach. Hail you bank elite it staff. It redirect to HTTPS later, it's secure. Yeah, sure, whatever. Many sites are making email address changing really hard, and some even impossible. Also renewed password and deleted many unused accounts. Scaleway passwordless login uses HTTP links, I've got nothing to say about this because, I've got nothing good to say about this. It's just amazing how many crappy web sites you'll find out, when you completely disable HTTP and default for HTTPS. Namecheap email verification link gives Cloudflare Error 522, lol. Namecheap main site gives Error 525. Again, nothing good to say about this. Production software quality and reliability are ahem, excellent. Docker Hub logout isn't working. community forum login fails after setting Unicode password. It's also interesting to see how many sites do not have clear option to delete account easily. Microsoft doesn't support + address notation, when creating accounts like for Bing webmaster tools, more quality code RTF-RFC guys. Also their accounts are incredibly stupidly linked to email addresses, which is classic engineering fail. Never link user identity to email address, that's one way to create such a mess and so many problems and security issues.

  • Read: Ricochet Design @ GitHub - Arr, still using Tor Onion v2 addresses and Briar Threat Model @ Briar Project.

  • Listened: The Platform Challenge: Balancing Safety, Privacy and Freedom — Alex Stamos (DataEDGE 2019) - Thank you, great talk, the dark deep net forums stuff made me smile. Yeah, I've heard people complaining that it's so challenging to gain access. Sure, that's just how it's designed to be. You'll need to be connected, but maybe nobody really knows who you are. But if context is right, then it doesn't matter.

  • So sad to hear that is shutting down. I've really loved and embraced the service. I've got many email addresses there, no, not hundreds more like thousands. It's good to make a decade cleanup with email addresses as well, while migrating to new service(s). AFAIK, it's still running, but my personal guess is that if they encounter ever any serious problem, who's going to get it back up again, nobody.

  • Something different: Rosalind Franklin (rover) @ Wikipedia.