Links for 2016-04-08

  • GCHQ intervenes to prevent catastrophically insecure UK smart meter plan – The Inquirer

    GCHQ barged in after spooks cast their eyes over the plans and realised that power companies were proposing to use a single decryption key for communications from the 53 million smart meters that will eventually be installed in the UK.
    holy crap.

    (tags: gchq security smart-meters power uk electricity gas infrastructure)

  • AWS Billing And Cost Control [slides]

    (tags: aws ec2 costs money hosting ops)

  • Irish drone register allowed access to personal details of 2,000 members

    The breach, which allowed registered users to view names, addresses, email addresses and phone numbers of other people registered on the site, was brought to the attention of the authority on Sunday night. In a statement to TheJournal.ie, the IAA revealed it was aware of four users who downloaded the file.

    (tags: fail drones ireland iaa security)

  • Running Docker on AWS from the ground up

    Advantages/disavantages section right at the bottom is good.

    ECS, believe it or not, is one of the simplest Schedulers out there. Most of the other alternatives I’ve tried offer all sorts of fancy bells & whistles, but they are either significantly more complicated to understand (lots of new concepts), take too much effort to set up (lots of new technologies to install and run), are too magical (and therefore impossible to debug), or some combination of all three. That said, ECS also leaves a lot to be desired.

    (tags: aws docker ecs ec2 schedulers)

  • Hungary proposes anti-crypto law

    up to 2 years imprisonment for use of apps for encrypted communication

    (tags: crypto hungary laws internet crackdown encryption)

  • good example of Application-Level Keepalive beating SO_KEEPALIVE

    we have now about 100 salt-minions which are installed in remote areas with 3G and satellite connections. We loose connectivity with all of those minions in about 1-2 days after installation, with test.ping reporting “minion did not return”. The state was each time that the minions saw an ESTABLISHED TCP connection, while on the salt-master there were no connection listed at all. (Yes that is correct). Tighter keepalive settings were tried with no result. (OS is linux) Each time, restarting the salt-minion fixes the problem immediately. Obviously the connections are transparently proxied someplace, (who knows what happens with those SAT networks) so the whole tcp-keepalive mechanism of 0mq fails.
    Also notes in the thread that the default TCP timeout for Azure Load Balancer is 4 minutes: https://azure.microsoft.com/en-us/blog/new-configurable-idle-timeout-for-azure-load-balancer/ . The default Linux TCP keepalive doesn’t send until 2 hours after last connection use, and it’s a system-wide sysctl (/proc/sys/net/ipv4/tcp_keepalive_time). Further, http://networkengineering.stackexchange.com/questions/7207/why-bgp-implements-its-own-keepalive-instead-of-using-tcp-keepalive notes “some firewalls filter TCP keepalives”.

    (tags: tcp keep-alive keepalive protocol timeouts zeromq salt firewalls nat)

This entry was posted in Uncategorized. Bookmark the permalink. Both comments and trackbacks are currently closed.