mTLS, Kill Chain, Cloudflare One, Zero Trust Architecture, USBKill, Panoramix


  1. Mutual TLS authentication (mTLS) (@ Wikipedia): two-way authentication, which naturally authenticates server(s) and client(s) strongly.

  2. Watched documentary: Kill Chain: The Cyber War on America's Elections (2020) (@ IMDB). Very interesting documentary, where politics and hacking are combined to change the world. Classic cyber security stuff, where systems are badly designed and implemented, probably intentionally (?), to be abused (?).

  3. A friend asked what's the point of mask versus prefix. Very good question. I checked it, and a non-prefix-based subnet mask isn't even allowed. I wasn't completely sure if it's allowed or not. That would have been the only case where using mask versus prefix would have made any sense. Yet technically there shouldn't be any reason why a bit mask like 255.255.128.64 wouldn't work.

  4. Just noticed that some systems are using vapor chamber cooling. No, I didn't think about it from the CPU point of view at all, but started to think about it due to my frying pan. I had a few bad pans, which didn't distribute heat efficiently. Therefore I was just wondering why they aren't making any vapor chamber pans. Because I've got one steam pan, and it naturally distributes heat very efficiently, it doesn't even matter if you heat it with a blowtorch. So why not use the same solution, proven to be good, for frying pans as well? Product idea? Couldn't find any on the net quickly.

  5. Cloudflare One (@ Cloudflare) / SASE (Secure Access Service Edge) (@ Cloudflare) - Looks good, and would probably be something I would and could use, if I needed it. - kw: identity management, BeyondCorp Enterprise Security, Zero Trust, Cloudflare Network Interconnect (CNI) (@ Cloudflare blog), Argo Tunnel, Magic Transit, DNS Tunneling.

  6. Zero Trust Networks (@ Wikipedia) / Zero Trust (ZT) / Zero Trust Architecture (ZTA) / Zero Trust Security Model (ZTNA) / BeyondCorp (@ Wikipedia). Nothing new here, always verify and authenticate users and requests and of course the principle of least privilege (PoLP) (@ Wikipedia) without forgetting Layered security (@ Wikipedia). kw: identity, access control, authentication, security

  7. Even more disk technology advancements: Triple Stage Actuator (TSA) / Multi-stage Micro Actuator and Energy Assisted Magnetic Recording (EAMR) Recording Technology. They're getting creative with hard disks. Just wondering when SSDs will be cheaper than HDDs.

  8. USBKill (@ Wikipedia) / USBKill (@ GitHub). Yet another reason to shut down systems, when required. Yet for servers, I prefer systems which trigger before the server itself is physically touched. -> If the server cabinet / enclosure is accessed / opened / touched before the system is disarmed, then it triggers immediate system shutdown & key wipe. Details vague, on purpose. All the methods of tamper proofing can be utilized with these kinds of solutions. Not forgetting that hardware solutions work without any software.

  9. Checked out: Google Workspace (@ cloud.google.com), it's nice. Really nice modern and light alternative to Microsoft Office bloatware.

  10. I guess this is the best undercover documentary I've ever seen (?!?). True hardcore stuff. "BBC - The Mole: Infiltrating North Korea - The real-life story of two men who embark on a ten-year mission to infiltrate North Korea".

  11. Briefly studied Panoramix Project (@ panoramix-project.eu) - Yet another Tor alternative. Yet I've been happy with GNUnet, Freenet and Tor. Those I'm well familiar with. Yet having newer and more options is nice. And of course VPN (in its original meaning) between servers using WireGuard. Yet the project seems very academic, stale and an EU project. Probably not going forward. But let's hope for the best.
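
An added example for item 3 (mask versus prefix), not part of the original post: it checks whether a dotted mask can be written as a prefix, shows that plain bitwise matching still works with the non-contiguous mask 255.255.128.64, and shows that Python's standard `ipaddress` module refuses that mask. The function names and the 10.0.x.x addresses are constructed for illustration.

```python
import ipaddress


def mask_to_int(mask: str) -> int:
    """Parse a dotted-quad mask into a 32-bit integer."""
    return int(ipaddress.IPv4Address(mask))


def prefix_length(mask: str):
    """Return the prefix length if the mask is ones followed by zeros, else None."""
    inverted = ~mask_to_int(mask) & 0xFFFFFFFF  # host bits become ones
    # A contiguous mask inverts to 2**k - 1, so inverted & (inverted + 1) == 0.
    if inverted & (inverted + 1):
        return None
    return 32 - inverted.bit_length()


def matches(addr: str, network: str, mask: str) -> bool:
    """Plain bitwise match; works for any mask, contiguous or not."""
    m = mask_to_int(mask)
    return (int(ipaddress.IPv4Address(addr)) & m) == (
        int(ipaddress.IPv4Address(network)) & m
    )


def stdlib_accepts(network: str, mask: str) -> bool:
    """True if ipaddress.IPv4Network accepts network/mask."""
    try:
        ipaddress.IPv4Network(f"{network}/{mask}", strict=False)
        return True
    except ValueError:  # NetmaskValueError is a ValueError subclass
        return False


if __name__ == "__main__":
    odd = "255.255.128.64"  # the mask from item 3
    print("255.255.128.0 prefix:", prefix_length("255.255.128.0"))
    print(odd, "prefix:", prefix_length(odd))
    # Constructed addresses: the matched set is not one contiguous range.
    for a in ("10.0.5.7", "10.0.5.70", "10.0.5.130"):
        print(a, "matches 10.0.0.0 /", odd, "->", matches(a, "10.0.0.0", odd))
    print("ipaddress accepts", odd, "->", stdlib_accepts("10.0.0.0", odd))
```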

2022-01-02