Categories
News

ICANN Reserves .internal TLD for Private Use

The Internet Corporation for Assigned Names and Numbers (ICANN) has officially reserved the .internal top-level domain (TLD) for private use at the DNS level. This decision aims to provide a standardized TLD for internal networks, similar to how certain IPv4 address blocks are reserved for private use.

Resolved (2024.07.29.06), the Board reserves .INTERNAL from delegation in the DNS root zone permanently to provide for its use in private-use applications. The Board recommends that efforts be undertaken to raise awareness of its reservation for this purpose through the organization’s technical outreach.

https://www.icann.org/en/board-activities-and-meetings/materials/approved-resolutions-special-meeting-of-the-icann-board-29-07-2024-en#section2.a (2024-08-19)

Key points

  1. The .internal TLD will never be delegated in the global DNS root, ensuring it can be safely used for internal networks without conflicts.
  2. This move addresses the issue of organizations creating ad hoc TLDs for private use, which could lead to confusion.
  3. Google’s VP and Chief Internet Evangelist, Vint Cerf, revealed that Google and many of its cloud customers have been using .internal for years.
  4. ICANN believes this reservation won’t introduce new security or stability issues, but its effectiveness in improving the current situation remains uncertain.

Network administrators now have a sanctioned alternative for internal DNS naming, potentially simplifying and standardizing private network configurations across the internet.

Categories
Azure

AZ quota exhausted, bad config in Bicep

I’m experiencing issues again with deploying App Services to Azure’s data center in West Europe. In December 2023, I saw a similar issue with DSv5 availability. As of August 9, 2024, I’m stuck with what appears to be capacity issues again. However, it turns out that was not the case.

{
    "code": "DeploymentFailed",
    "message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https:\/\/aka.ms\/arm-deployment-operations for usage details.",
    "details": [
        {
            "code": "Unauthorized",
            "message": "Operation cannot be completed without additional AZ quota. Please file a support ticket to request a limit increase. \r\nAdditional details - Location: West Europe \r\nCurrent Limit (Premium0V3 VMs): 0. \r\nCurrent Usage: 0. \r\nAmount required for this deployment (Premium0V3 VMs): 1. \r\n(Minimum) New Limit that you should request to enable this deployment: 1. \r\nNote that if you experience multiple scaling operations failing (in addition to this one) and need to accommodate the aggregate quota requirements of these operations, you will need to request a higher quota limit than the one currently displayed."
        }
    ]
}

Categories
Security

wordfence.com Vulnerability Database

Wordfence is a comprehensive security plugin designed specifically for WordPress websites. It offers a range of features, including firewall protection, malware scanning, and real-time threat intelligence to safeguard sites from malicious attacks. With its user-friendly interface, Wordfence provides detailed reporting and alerts, allowing website owners to monitor and respond to potential security threats effectively. Additionally, the plugin includes options for user blocking, login security, and two-factor authentication to enhance overall site protection.

Wordfence is also well-known for its security research and for maintaining a vulnerability database.

Categories
News

Azure Portal, the request is blocked

The following message greeted multiple people on August 9th, 2024 at 09:47 CEST. It recovered after opening the portal fresh in the tab. But after the recent incident with CrowdStrike and other incidents, your mind immediately goes wandering when you see a large central structure greeting you and your colleagues with an error message.

The request is blocked.

https://portal.azure.com/Error/UE_SessionExpired#view/Microsoft_Azure_Support/SupportRequestDetails.ReactView/id/*** (2024-08-09 09:47)

Categories
Web

clockify.me and the flood of errors

Time tracking is a fundamental task in most companies. I used to use Clockify for a few years, primarily for its API access and the native Windows client with the mini counter. However, I frequently encountered issues with the client logging me out, crashing, or syncing incorrectly. By the summer of 2024, I had reached my limit.

Categories
Security

hardenize.com secure score card

Hardenize is an interesting alternative to Mozilla’s HTTP Observatory, which scans your website and security perimeter. It provides you with a free and public scorecard that is also shareable via a link. Achieving a good score is a strong indicator that you care about security and demonstrates your commitment to it publicly.

Categories
News

Mozilla's new HTTP Observatory

The Mozilla Observatory is a well-known web tool that verifies your website’s security baseline. Achieving a high score is a good indicator of your website’s security awareness.

It’s also a highly visible and effective indicator for website visitors. Having a high score is, therefore, not only a good practice but also an advertisement for your competency.

Categories
Azure News

Azure outage on July 30th, 2024

At this moment I saw many services becoming unavailable, and portal.azure.com is also no longer available. The status on azure.com shows issues with accessing the portal, but the effects seem to be broader than that. At Microsoft, this case is known by the Tracking ID: KTY1-HW8.

https://azure.status.microsoft/en-us/status (2024-07-30 14:29) Tracking ID: KTY1-HW8

Disruptions started at 12:06 UTC or 14:06 CEST based on my monitoring.

https://web-performance.freshping.io/reports?check_id=*** (2024-07-30 15:11)

After the big outage caused by CrowdStrike on July 19th, 2024, we see the next big issue right away on July 30th, 2024. Having contingency plans and disaster processes becomes more and more important.

Categories
AI

What I learned about LM Studio

LM Studio is a user-friendly desktop application designed for exploring local and open-source Large Language Models (LLMs). Your data remains securely stored on your machine, and the best part is, it’s completely free for personal use.

Categories
Security

Subresource Integrity in HTML

In the recent supply chain attack on the polyfill.io CDN, a GitHub account and domain were taken over by a malicious actor, who began injecting harmful JavaScript into thousands of websites. When a website loads remote JavaScript, that script operates in the first-party context and may perform a range of actions, including logging form data, capturing cookies, and modifying the website as desired. This poses an extreme risk if you do not trust the source completely.

One way to mitigate this risk is by using Subresource Integrity (SRI), which allows you to pin a remote JavaScript file to a specific hashed fingerprint of its content. This makes loading remote resources significantly safer, because the browser blocks the resource if the content of the remote JavaScript file has changed.
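
How the pinning and the browser-side check fit together, as an added example that is not part of the original post. It runs in Node.js; the file contents and the cdn.example URL are constructed for illustration, and `sriAllows` is a simplified model of the browser's matching rules, not browser code.

```javascript
const crypto = require("node:crypto");

// Constructed sample file contents (not taken from any real CDN).
const ORIGINAL = "window.demoLib = function () { return 1; };";
const MODIFIED = ORIGINAL + "\n/* content changed upstream */";

const STRENGTH = ["sha256", "sha384", "sha512"]; // weakest to strongest

function digest(alg, content) {
  return crypto.createHash(alg).update(content).digest("base64");
}

// One integrity token: "<alg>-<base64 digest of the exact file bytes>".
function sriHash(content, alg = "sha384") {
  return `${alg}-${digest(alg, content)}`;
}

// Tag to publish; crossorigin is needed so a cross-origin file can be checked.
function scriptTag(url, content) {
  return `<script src="${url}" integrity="${sriHash(content)}" crossorigin="anonymous"></script>`;
}

// Model of the browser's decision: ignore tokens it cannot parse, keep only
// the strongest algorithm listed, allow the file if any such digest matches.
function sriAllows(integrity, content) {
  const tokens = integrity.trim().split(/\s+/)
    .map((t) => /^(sha256|sha384|sha512)-([A-Za-z0-9+/=]+)/.exec(t))
    .filter(Boolean);
  // No usable token means nothing is enforced, so a typo in the attribute
  // silently removes the protection.
  if (tokens.length === 0) return true;
  const best = Math.max(...tokens.map((m) => STRENGTH.indexOf(m[1])));
  return tokens
    .filter((m) => STRENGTH.indexOf(m[1]) === best)
    .some((m) => m[2] === digest(m[1], content));
}

console.log(scriptTag("https://cdn.example/demo-lib.js", ORIGINAL));
console.log("original allowed:", sriAllows(sriHash(ORIGINAL), ORIGINAL));
console.log("modified allowed:", sriAllows(sriHash(ORIGINAL), MODIFIED));
```

Because the pin covers the exact bytes, it only works for versioned, immutable URLs; a CDN path that serves changing content will be blocked on every legitimate update.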