Kinesis, Passwords, H2/H3 Push, Edge Protection, MPU/MCU, ICT obsolescence

1. Summary of the Amazon Kinesis Event (@ aws.amazon.com) - Once again a great postmortem story. How things can go really bad, even if everything has been designed to be robust.

2. A few long and interesting discussions about password hygiene. End result, well, probably desperation would be the right way to express it without using any power-words. When some people say, that the passwords are the problem. Well, it really doesn't matter if it's PKI or shared secrets, if everything is done inherently in very wrong way. As example PKI doesn't solve anything at all, if the private keys aren't being handled and access controlled properly.

3. HTTP/2 and HTTP/3 Push features being dropped from Chrome. Probably those will be mostly replaced by HTTP status code 103 Early hints - RFC 8297 (@ tools.ietf.org). There's a slight difference there. Now the client needs to make the request, so data can't be pushed into buffers before the requests are made. Yet on the other hand, if the client already got the data, it's better not to put it into transport buffers which then would be ignored by recipient and the cancel stream message would be sent back to stop the transmission of the unnecessary data. Yes, hair splitting optimization questions. Not really worth of thinking or implementing for most of web-sites.

4. Did some analytics on edge protection data and it seems that there are as mentioned, quite bunch of IP addresses spewing lots of connections everywhere. Interestingly set of 161 IPv4 addresses were common with all of the systems being protected. 237 IPv4 addresses were present with 90-99% of edges and so on (this value excludes the 100% present items). As I've said earlier some IPs are really active. If we just drop then to the 50% barrier (this is 50-100%) then we've got 980 individual IPv4 addresses. Which is quite a lot. As the monitors are spread between different data centers, this means that the to reach this level, you'll have to do wide spread attacks, attacking single data center or ASN won't reach this level.

5. Malware utilizing the obvious communication channels - DeathStalker APT Spices Things Up with PowerPepper Malware (@ threatpost.com) - Data over DoH DNS is quite obvious route, isn't it?

6. Sharing links in Outlook is adding silly URL tracking segments (@ Twitter). The funniest part of that is that the Outlook URL processing is flawed and the final ! of the tracking stuff is getting dropped from the URL in Outlook. Again, I wonder if they're trolling or purpose or if they're really that bleeped.

7. Firefox Mobile Site Permissions - Again usability issues with Firefox, how do I change site permissions per site on mobile? On desktop it's trivial, but on mobile, can't find a way to do that.

8. Some services are clearly maintained by *redacted*. First they claim you can't change your email address for account. Then when I open account with new email address, they threaten to close the accounts because now I have two accounts. Well, yeah. Yet they don't provide a way to migrate data between the different accounts. I love companies and services which are so utterly full of bleep.

9. Wondered companies and their planned obsolescence and poor support. I've lately felt like many companies intentionally sabotage their products by shipping software which "breaks down" the devices. I've heard so many people buying new devices because the old ones are broken. But miraculously when you reset the devices with open source software, everything starts to work. During the last few years, most of broken laptops I've seen all have been fully physically functional, no problems what so ever. The only problem those had, were that they were running OS X or Windows, which contained the sabotage driver code killing laptops. When the devices were reset and installed with clean Linux, everything worked out of the box. Well, that's easy way to get plenty of free hardware. I'll just say, that I'll wipe the disks, and get rid of the machine. Then I wipe the disks, install Linux and have a few years old nice laptop for free. Crazy. But in general that kind of approach is, I've got nothing to say. - Just wondering, if which category this really belongs to, are they that stupid or smart.

10. Something not so different? Very interesting article about: Galileo GNSS and it's production use of eccentric satellites (@ berthub.eu). Another very nice post: What's the difference MPU vs MCU (@ semiengineering.com)

2022-02-20