OVH, SNMP, Secure Environment, OpenPGP, Turvakäräjät
OVH VPS migration process is broken. It won't allocate IP-addresses for new servers API call fails. Oh well, just so classic. And their support is, null, just as usual. Also some configurations can't be migrated, because the new platform doesn't support similar configurations. So manual re-installation of systems is required. As usual, they'll always kick-off these projects during summer vacations with quite short notice. So much joy! If you want to have serious mental breakdown, choose OVH as provider. Lot's of unnecessary stress about every step in some process being more or less bleeped! - Even when the IP address retrieval worked (much later, after lots of tries). When finalizing the migration, it still fails. Configured systems for migration, run systems down from production. Made ticket for manual migration. In the morning, I'll see if migration has happened, or if the systems were down for evening and night for nothing. So annoying. - All their operations raise FUD. - In worst case this leads to data loss and massive down time taking several days. - Only viable solution is to migrate away from OVH. It remains to be seen how badly actually goes. Let's hope for the best and get prepared for worst. - Once again, I feel like this is just my problem. Why does anyone care about little down time. All this stress would go away, if we just decide it's ok for systems to be down for a week, who cares?
Studied structure of SNMP Object Identifier (OID)'s (@ Wikipedia ) while configuring Zabbix (@ Wikipedia ).
Once wrote a program which copied from CD's containing public domain software to floppy disks files requested by users. It optimized the copying of files to disks fitting the disks very efficiently. As well as ordered copy requests so that the source CD would be only needed to change when ever everything from that single source was copied to the same end client. I also wrote software which generated the file indexes. Another friend wrote the software which was used to select which files the customer(s) wanted, and allowed users to flag files for copying and generated "file order list" from the flags. Which my program then utilized to fill the disks. Good times, before multi CD changer BBS systems were available. Disks where then posted to the recipient by mail with the copied files. Fun software development project in early 90's.
Had a really long discussion about "how encryption keys should be managed". Yep, there are simple and more complicated and less and more secure ways. Of course HSMs would be preferred, or other advanced KMS solution. But often keys aren't managed that well. Yet usage of keys also matters. If the key is only replacing shared secured between two parties, it isn't that bad after all. But it's better if private keys aren't publicly accessible or stored in generally guest accessible storage resources or stored directly in scripts committed to some source management system which might not be properly protected. This is generally linked to wider topic of credentials management. See: Key Management, PKI, Role-based access-control (RBAC), Access-control list (ACL) and Credential Management. ( All links @ Wikipedia )
Read 40 pages document about securing remote working environments. Nothing new, all the basics repeated. kw: on-premise vs cloud, authentication, security settings, security features, using right tools for classified information, e2ee, data storage location, data retention, encryption, privacy, security, 3rd parties, use cases for specific communication channels, SSO, 2FA, TOPT, U2F, chat apps, collaboration tools, security hardening, security compliance
Sequoia OpenPGP implementation (@ sequoia-pgp.org ), neat. It's good to have alternatives, yet GnuPG (@ Wikipedia ), gnupg.org (@ gnupg.org ) is pretty universal solution.
Turvakäräjät - Thank you for awesome Finnish security show. Btw. I really hate word Podcast because it's so Apple specific. Web Audio Show, better.