CF, O3b, Fiber, MTA-STS, Teams, Matrix, IPv6

  • Cloudflare 1111 (1^4 or 1.1.1.1 or onedotonedotonedotone or one.one.one.one) + WARP mobile VPN free for everyone. That's nice. I rarely use VPN for network access, because I think that VPN is overhyped and marketed with misleading information and so on. But in some situations you actually need it. Great thing about Cloudflare is that they've managed to keep a good reputation. But if you're a paranoid tin foil hat you could be suspicious about them. It's nice that they use WireGuard, I also liked its concepts.
  • O3b Networks is launching satellites. This is awesome, it seems that there are plenty of new satellite internet providers launching. I hope it really drops satellite Internet connectivity prices and gives a great performance boost. And a lot cheaper satellite terminals.
  • Finally have a fiber connection from end to end installed. Fiber is quite expensive to install, but now we've got an ultra fast connection with minimal latency. It was a hard trade-off to consider. With fiber there's minimal latency, but still g.fast would have also provided very low latency, less than 1 ms. So I really don't personally know if installing fiber was worth it. Installing fiber creates considerable costs. Of course this is a future proof solution, but if "sunk cost" can be delayed in presence of uncertain future, I think it's usually wise to delay the costs. Which means investing in an expensive new data path, if old path is still "good enough".
  • Studied SMTP MTA Strict Transport Security (MTA-STS) / RFC 8461 - Yet another standard to make email more secure. This time copying HSTS concepts to SMTPS. I'll bet it's going to take a long time before solutions like this become popular / well known / widely used, especially on client side. But anyway, it's great that work making email more secure is still being done. - Opportunistic TLS, which is often used with SMTP(S), is vulnerable to man in the middle (MITM) attacks. Gmail has started using this standard already.
  • Everyone I've talked with has hated how inefficiently Microsoft Teams uses screen space. It's a true space waster. Great example of really poor UI design.
  • Read lots about the hijack and takeover pwning of Matrix.org and Riot.im infrastructure, signing keys, etc. How SSH-Agent forwarding led to the initial exploit. How API keys were stolen to control DNS from the systems and finally the code signing keys were found from the environment. Lots of serious security fails. But it's really common that people just don't care about these things. It's handy if everything is just sitting on the disk or cloud, in unencrypted format. Also made sure that ssh agent forwarding is disabled in all of my environments, which it was already. Also many of the security related tickets and discussions were deleted from GitHub Issues list.
  • In the morning I did read reports which showed security issues like: Lack of binary protections, Insecure data storage, Unintended data leak, Client-side injection, Weak encryption, Implicit trust of all certificates, Execution of activities as root, World readable / writable files and directories, Private key exposure, Exposure of database parameters and SQL queries as well as Insecure random number generation. These issues were found in Retail banking, Credit card issuers, Mobile payments, Retail brokerage, Health insurer, Auto insurer and in cryptocurrency applications and sites. - Nothing new I guess. It's just so common that some things are done in a bad way.
  • Interesting statistics on IPv4 and IPv6 address allocation and fragmentation, yet nothing unexpected. IPv4 address space is being chopped into smaller and smaller subnets. IPv6 adoption, in turn, is presenting itself as growth of more and more IPv6 address blocks being advertised. Of course the fragmentation of IPv4 space leads to larger and larger routing tables with around one million entries.
  • Watched SpaceX Falcon Heavy launch live during the night, awesome. All three boosters as well as two pieces of fairing recovered. Absolutely great results!
  • OVH launched Sydney and Singapore regions.

2020-06-07