Kuusitunneli (6in4), MFA, CF Postmortem, BriarApp, "Encryption"

  • Reverted back to using the Kuusitunneli.fi. Why? Because Telia's 6rd just got broken, and nobody knows how to fix it. This is major problem with all kind of stuff. Someone breaks the stuff without any pre-announcement, and even after it's broken, nobody seems to know how to fix it. Nothing new, unfortunately. IPv6 is just something major ISPs and carries really don't mind about. It's always second-class citizen service. - Anyway, Kuusitunneli also provides static IPv6 addresses, instead of dynamic addresses used with Telia's sucky 6rd.
  • New EU banking directive requires use of Multi-Factor Authentication (MFA). Even when doing basic online shopping. Two of three factors is required: 1. Something you know, 2. Something you have, 3. Something you are. This is major problem for many stores, because they haven't thought about payments that far. Of course this gives great advantage to payment solution providers, whom have already sorted this out, and can provide simple and easy integration with all the required features. Like get payment 20€, done payment received. We've seen integration of online payment providers in Finland, and I'm sure this will accelerate it. Note, this process is required, even if you're paying with credit card. So it's not relevant only to direct bank account (wire) payments, which are very popular in Finland. If the directive requirements aren't met, it's recommended that the payment is rejected. One major pizza chain in Finland has been following this process for several years, which is quite annoying when you're ordering something simple and cheap, like pizza delivered to your home. Pros of this process is that it should make "basic" card payment fraud nearly impossible. - Especially with apps which lack the authentication, there has already been complaints and reports for several years, being widely abused. Which of course annoys banks and police.
  • Cloudflare postmortem - I'm a real friend of postmortem. This time Cloudflare did it, because they caused a global Cloudflare outage, but why? Let's see. Wow, legendary regular expression (regexp) fail. Amazing, causing CPU load caused Denial of Service (DOS) and 502 errors for end users. 82% of requests (or traffic) was denied when situation was at it's worst. Web Application Firewall (WAF) got disabled for almost an hour to mitigate this error. Well, it's kind of see, that everybody even with strict procedures do bad mistakes at times.
  • Lots of discussion about - #Briar / BriarApp / Briar Project , how it can provide user introduction links allowing adding users without meeting them in person and what kind of attack scenarios and other risks are related to the process. After reading all the project reading documentation, I think the new link exchange based contact at distance method which allows adding remote contacts without physically meeting, is exactly the feature I wish the application would have.
  • Daily gag, "Warrant compatible encryption", made me smile so much. Another thing, one site requires Facebook ID and authentication to leave comments about Facebook outage. So legendary. Please call our service desk, if phone network is down. When discussing about these apps of course it's impossible to avoid mentioning Ricochet, but currently it doesn't run on mobile operating systems and of course it's still experimental. I might be using Ricochet and Bitmessage, or maybe not. Nobody knows and that's the whole point of these messenger services.
  • Something different? Swedish Torped 47 is a light weight anti-submarine warfare (ASW) torpedo which will be also used by Finland. Watched quite a few good history documentaries about espionage, weapons and cold war. Ref: Kolokol-1.
  • Run extended self-tests for all my disks, just to confirm that all drives are in good shape.