• Tweeted: Windows Server 2019 Disable IPv6, why? Because if it's enabled networking constantly breaks down and connectivity is #lost. Only proper solution seems to be disabling IPv6. So annoying. Nobody seems to know why. I've spent so many hours and the problem persists. - Bit more detailed description would be: Manually configured static IPv6 address is lost and always replaced with random privacy addressing address, which of course won't work. Another solution is just to make a script which reconfigure everything again on every reboot. People claim that Windows is easy to use, but this is very Linuxy solution. Another easier and cleaner option is just to disable IPv6.

  • It seems that it's required to disable the IPv6 RA listening (Router Advertisement (Type 134)), otherwise the network all the time breaks down. netsh interface IPv6 set interface "Ethernet 3" routerdiscovery=disabled, if router discovery / router advertisements listening is enabled then the configuration will get messed up on every reboot. With this option and correct manual configuration everything will work, using static information. But next step is to get the same stuff working while using auto configuration. Using manual configuration is kind of annoying, yet it works with servers which naturally use always static addresses. Confirmed only way to make this to work is to give these commands after every reboot: Set-NetIPv6Protocol -RandomizeIdentifiers Disabled Set-NetIPv6Protocol -UseTemporaryAddresses Disabled

  • Made some interesting discoveries from our automated #network #attack #detection and #prevention system. From attacking IP addresses in 4 different data centers (three different service providers / ASNs) there are 3431 #unique IP addresses being #blocked.
    But the most interesting part is that all of the four data centers are blocking same set of 513 IP addresses. Some of these attackers are super active and probably are basically attacking the whole internet. Not a single host, data center or service provider, but whole IPv4 address space. Also most interestingly there were no IPv6 addresses (/64, /48 /32) being blocked using same criteria. Even if detection ssytem is working and blocking IPv6 addresses when required. All attacks target IPv4 addresses only.

  • OnionShare 2.2 adds support to really easily host static web-sites as tor hidden service website. Nice. Perfect especially for temporary use. Normally I would setup Nginx or Apache with Whonix. Kw: Tor, Tor Network, Onion Network, Onion Routing, Anonymity Network

  • Briar @ briarproject.org- Should really support parallel identities. Allowing you to setup different identity with every contact. It's just really stupid security wise to use same identity with different contacts. This is something which BitMessage does so much better, and so many other programs. Never use persistent identity, nor use same identity with multiple parties. Parallel identities should be created and deleted at will and easily.

  • Credentials mismanagement. Just encountered case where high security system personal credentials are passed via multiple persons to the person responsible for credentials, without possibility to change the password nor using 2FA / MFA. This means that the personal account is now known to at least four other people. Really great way to f-up the credential management. Anyone of the persons in the chain now have ability to abuse the personal credentials of the end user. Fail, fail, fail. It made me kind of laugh, when they said in the credentials agreement that you aren't allowed to share the credentials with anyone. But that's kind of joke, because the credentials are pre-shared and pre-known to several people before you ever receive the credentials. At least I were assuming there would be extra 2FA or ability to change the password to new long random string after receiving the initial creds.

  • Duplicacy Lock Free Dedupliation - There are good and bad aspects. Like the multi-client deduplication can only work, if the clients share the encryption keys. This processing also might lead to really high number of chunk files, where the chunk files are small. Depending on back-end being used and amount of data being backed up, data owner ship and privacy requirements, this can be a huge problem.