CSIRT, Security, Suomi.fi, Searx, Documentaries, Obvious things, Cloudflare IP ranges

Post date: Aug 14, 2018 10:29:35 AM

  • CSIRT Maturity - Evaluation process - The good thing was that the list didn't contain anything we wouldn't have thought and talked about with friends and colleagues in general. Of course there are alternate networking / communication backup channels, etc.
  • Once again with one random project. Why do developers make computers accessible over the Internet? Of course, as expected, they use the well-known default administrator credentials for all systems and services... Security, what security? They really don't care. They don't even bother taking care of the most primitive security aspects. Once again 'security theater fantasy show', all the ridiculous talks about public / private key asymmetric encryption, etc. But in the actual reality TV, it's way too much to wish for using something extremely simple like a plain username and a strong static (random) password. I mean with values that wouldn't be the default. It's true that it's unauthorized access and requires a hacker or criminal to access a system where the username is like usr and the password is like pwd. Yes, it's a crime. So there's nothing we can do to defend against the all empowered darkness of evil Internet forces? Right? It's almost futile to even try. - No news of course. We know how many MongoDB and memcached instances there are and were accessible over the Internet with critical data and no authentication whatsoever.
  • Suomi.fi - The Finnish citizens' electronic service portal is developing fast. This will also replace many letters sent by authorities, officials, agencies. National digital secure communication channel for public services, local counties / municipalities. Also check out eSuomi.
  • searx.me - Yet another privacy-respecting, hackable metasearch engine. I actually like it. The only thing I don't like about the default settings is the strange idea of having Bing and Yahoo enabled, but not having Yandex enabled. It seems that some people are missing the fact that currently Bing and Yahoo provide basically the same results, so it's overlap. But Yandex is actually fully independent and a good search engine. Unsurprisingly the site is hosted in Germany, like so many other privacy search and European search engines.
  • Watched an hour-long lesson about Conscious Capitalism. It was a good talk. Good shared values, everyone wins. No rip-off, good for clients, business, employees and environment. As one example they used the Whole Foods chain.
  • Watched another documentary about healthy diet. That's a hard question. Everything seems to be at least somewhat dangerous. Some stuff you have to have, or you'll get sick and so on. This is a very complex topic. I guess nobody's eating better than the people at the International Space Station? Because they must have a very carefully planned and complete yet healthy diet.
  • Watched another documentary about the creator economy. Great talk about economy, business and what people want, etc. Producer economy, consumer economy. Creating demand, producing required goods, etc. Good talk, about how much people have everything they need. That's the situation I've been in for a long time. I can go shopping, but it's extremely hard for me to find anything to buy. Gamification, participation, personal experience. Robotic car subscription services. Owning a car doesn't make sense. Everything is tracked and there's a digital tail and trail of everything. Robots taking jobs, etc. It's all about technological transformation. How technology, society and privacy work out. People love sharing valuable information for free, etc. People don't actually care about privacy.
  • Also watched many TED talks about interesting future topics. Yet those are always awfully light and don't go deep into topics due to time limits.
  • Jvns: Being on call. That's exactly what I've been saying. Nothing new, nothing to add. Very good writing. But unfortunately not obvious to all developers. kw: software reliability, code quality, exception handling, being responsible, design choices, distributed systems, consistency, race conditions, stretch and learn, complex failure condition, "being responsible for my programs operations makes me a better developer", that's very true!
  • Read a few cloud migration articles. Nothing new, it was all obvious. Like data transfer times, data migration, delta syncs, updating data in smaller chunks. Checking connection upload speed, etc. DNS, TTL, IP address changes, firewalls. Long files and deeply nested folders, hahah. Been there done that. Access policies and restrictions, secure configuration, etc. All the basic fun.
  • Cloudflare has added the following new IP ranges during the last six months. I've got a script which auto monitors CF ranges and updates firewalls etc. IPv4: and IPv6: 2c0f:f248::/32, 2a06:98c0::/29
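
A minimal sketch of the kind of range monitor mentioned in the last item, as an added example and not the author's script. The previous snapshot is constructed from documentation prefixes, the two added IPv6 prefixes are the ones quoted above, and the set name `cf_allow`, the prefix floor and the removal threshold are assumptions; fetching the list and applying the output to a real firewall are left out.

```python
import ipaddress

# Constructed snapshots: PREVIOUS uses documentation prefixes, not real
# Cloudflare data; the two prefixes added in CURRENT are quoted in the post.
PREVIOUS = "2001:db8:100::/40\n198.51.100.0/24\n"
CURRENT = PREVIOUS + "2c0f:f248::/32\n2a06:98c0::/29\n"

MIN_PREFIX = {4: 8, 6: 16}  # assumed sanity floor: anything broader is rejected


def parse_ranges(text):
    """Parse one CIDR per line; ValueError on malformed or overly broad input."""
    nets = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        net = ipaddress.ip_network(line, strict=True)  # rejects set host bits
        if net.prefixlen < MIN_PREFIX[net.version]:
            raise ValueError(f"suspiciously broad range: {net}")
        nets.add(net)
    return nets


def _key(net):
    # Mixed IPv4/IPv6 networks are not directly comparable; sort by version first.
    return (net.version, net.network_address, net.prefixlen)


def diff_ranges(old_text, new_text, max_removed_fraction=0.5):
    """Return (added, removed); refuse an update that looks like a bad fetch."""
    old, new = parse_ranges(old_text), parse_ranges(new_text)
    if not new:
        raise ValueError("new list is empty; keeping existing rules")
    removed = old - new
    if old and len(removed) / len(old) > max_removed_fraction:
        raise ValueError("too many ranges vanished; possibly a truncated fetch")
    return sorted(new - old, key=_key), sorted(removed, key=_key)


def firewall_changes(added, removed, set_name="cf_allow"):
    """Render the diff as abstract add/del lines (hypothetical set name)."""
    return ([f"add {set_name}{n.version} {n}" for n in added]
            + [f"del {set_name}{n.version} {n}" for n in removed])


if __name__ == "__main__":
    for change in firewall_changes(*diff_ranges(PREVIOUS, CURRENT)):
        print(change)
```

The two guards in `diff_ranges` keep a failed or tampered download from silently emptying an allowlist or opening it to `0.0.0.0/0`.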