Friday, 8 May 2026

Debugging Web Access Issues with Microsoft Edge

Edge comes with Developer Tools (Control-Shift-I).  

These tools are surprisingly powerful. The tools appear right next to the rendered webpage in the browser.

Suppose you are trying to log in to a service called "Microsoft New Service" but it doesn't work.  The tab text says "Sign in to Microsoft New Service". Open up Dev Tools. Click on Network (the wifi-style icon). 

Now reload the webpage.  

You will see the entire flow of HTTP requests and responses. A 200 response is status code OK, a 204 means No Content. In fact, any status code between 200 and 299 is a form of success. 300-399 are redirection messages, and anything above that represents an error.

You may be surprised by the number of conditional access-related HTTP requests that are involved in an authentication attempt.

Why Pre Shared Keys are not Wifi Passwords

It is tempting to think of wifi passwords as equivalent to the Pre Shared Keys (PSKs) used to authenticate wifi connections.  In fact, the password is only the input: it is combined with the SSID (Service Set Identifier) of the wifi network to derive a 256-bit cryptographic key, and that derived key is the actual PSK.

The Pre Shared Key model is not ideal for enterprise deployments, since anyone who knows the password can decrypt another client's traffic if they capture that client's handshake. IoT devices using Pre Shared Keys are also exposed where the key is leaked into plaintext logs. This is why WPA2-Enterprise exists as a separate mode that abandons the PSK model.
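To make the "password is not the key" point concrete, here is the standard IEEE 802.11 PSK derivation (PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, 256 bits of output) written out in Python. This is an added example, not code from the original post; the device names are constructed, and the "password"/"IEEE" pair is the published IEEE 802.11 test vector.

```python
import hashlib


def wpa2_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA/WPA2 Pre Shared Key (the PMK) from a passphrase.

    IEEE 802.11 specifies PBKDF2-HMAC-SHA1, the SSID as the salt,
    4096 iterations and 32 bytes of output. The passphrase alone is not
    the key: change the SSID and the derived key changes too.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac(
        "sha1",
        passphrase.encode("utf-8"),
        ssid.encode("utf-8"),
        4096,
        dklen=32,
    )


def keys_per_device(passphrase: str, ssid: str, devices: list[str]) -> dict[str, str]:
    """Derive the PMK each device on the network ends up with.

    Every device that joins the same SSID with the same passphrase derives
    the identical key, which is why a single shared password is the weak
    point of the PSK model for larger deployments.
    """
    return {device: wpa2_psk(passphrase, ssid).hex() for device in devices}


def all_share_one_key(passphrase: str, ssid: str, devices: list[str]) -> bool:
    """True when every listed device holds the same PMK (always, under PSK)."""
    return len(set(keys_per_device(passphrase, ssid, devices).values())) == 1


if __name__ == "__main__":
    # Constructed example network: three devices, one shared passphrase.
    fleet = ["laptop", "printer", "thermostat"]
    for device, key in keys_per_device("correct horse", "OfficeWifi", fleet).items():
        print(f"{device:10s} {key}")
    print("all devices share one key:", all_share_one_key("correct horse", "OfficeWifi", fleet))
```

The derived value is deterministic, so two networks with the same password but different SSIDs still get different keys; that is the only protection the SSID salt buys, and it is no protection at all against someone who already knows both.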

WPA3-Personal replaced PSK with SAE (Simultaneous Authentication of Equals) to enhance security, adding forward secrecy by deriving a unique key for every session.

Tuesday, 5 May 2026

Protecting RAM

Attacks on RAM are one of the arguments to better protect data in use.

There are various security attacks on RAM. One is malware that can scrape memory e.g. for plaintext credit card numbers (once read into RAM prior to encryption).  Modern systems aim to encrypt data as early as possible in the processing pipeline.

Privileged operators (e.g. cloud admins) can peek into RAM. This is why confidential VMs isolate memory to hide data-in-use from cloud providers. 

DMA devices such as Thunderbolt peripherals can read system memory directly, and hence any sensitive data held in RAM. Modern operating systems restrict "hot-plug" DMA access.

Note: this list of attacks is non-exhaustive. This is a large field.

Microsoft's GitHub

Microsoft's GitHub is worth perusing from time to time. Some of the big projects are VS Code and TypeScript, but many more additions are made to cover new directions like confidential computing.

Microsoft also have a website (opensource.microsoft.com) detailing their open source initiatives more broadly.  The Microsoft open source blog is also worth reading.

OHTTP

OHTTP (Oblivious HTTP) is an IETF network protocol to enable anonymous HTTP transactions over the Internet. 

Its primary goal is to enable users (browsers, agents, other software) to send HTTP requests without revealing their IP address.

It is defined by RFC 9458.

IPv4 vs IPv6

Purpose of IP Addresses and the Problem IPv6 Solves

An IP address (Internet Protocol address) is a numeric label that identifies a network interface of a computer or other node participating in an IP network, in the relevant IP version.

IPv6 was created to tackle the problem of IPv4 exhaustion.

IPv6 uses 128-bit addresses, yielding an address space of 2^128 possible addresses.   This contrasts massively with IPv4, which uses only 32 bits!

Why is there no Planned IPv7?

The address space of IPv6 is so large that address exhaustion is not a foreseen possibility, and hence no IPv7 is planned at present.

What transition technologies are in play to help move to IPv6?

There are some transition technologies e.g. NAT64, aimed at easing the transition from IPv4 to IPv6.

Apart from Bigger Address Space, what else does IPv6 Bring to the Table?

Beyond the larger address space, IPv6 also adds several interesting new features. Learn these.
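An added example (not from the original post) that puts numbers on the address-space comparison and shows how one transition technology, NAT64, actually maps addresses: an IPv4 address is embedded in the low 32 bits of a /96 IPv6 prefix (the address format from RFC 6052). It assumes the deployment uses the well-known NAT64 prefix 64:ff9b::/96; the sample addresses are constructed documentation addresses.

```python
import ipaddress

# Well-known NAT64 prefix (RFC 6052). Assumption: the NAT64 gateway uses this
# prefix rather than a network-specific one; a network-specific /96 works the
# same way with the functions below.
NAT64_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")


def address_space(version: int) -> int:
    """Number of addresses in the IPv4 (32-bit) or IPv6 (128-bit) address space."""
    bits = {4: 32, 6: 128}[version]
    return 2 ** bits


def synthesize_nat64(ipv4_literal: str, prefix: ipaddress.IPv6Network = NAT64_PREFIX) -> ipaddress.IPv6Address:
    """Build the IPv6 address an IPv6-only host uses to reach an IPv4-only host.

    With a /96 prefix the IPv4 address occupies the last 32 bits, so the
    synthesis is a bitwise OR of the prefix and the IPv4 address.
    """
    if prefix.prefixlen != 96:
        raise ValueError("only /96 NAT64 prefixes are handled here")
    v4 = ipaddress.IPv4Address(ipv4_literal)
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))


def extract_ipv4(ipv6_literal: str, prefix: ipaddress.IPv6Network = NAT64_PREFIX):
    """Recover the embedded IPv4 address from a NAT64-synthesized IPv6 address.

    Returns None when the address is not inside the NAT64 prefix, which is the
    check a gateway or a log parser needs before treating it as translated
    traffic.
    """
    v6 = ipaddress.IPv6Address(ipv6_literal)
    if v6 not in prefix:
        return None
    return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)


if __name__ == "__main__":
    print("IPv4 addresses:", address_space(4))
    print("IPv6 addresses:", address_space(6))
    print("IPv6 is 2^%d times larger" % (address_space(6) // address_space(4)).bit_length().__sub__(1))
    # Constructed example: an IPv4-only server at 192.0.2.33 (documentation range).
    synthesized = synthesize_nat64("192.0.2.33")
    print("NAT64 address for 192.0.2.33:", synthesized)
    print("back to IPv4:", extract_ipv4(str(synthesized)))
    print("not NAT64:", extract_ipv4("2001:db8::1"))
```

The `extract_ipv4` guard matters in practice: log analysis that blindly takes the low 32 bits of every IPv6 address would fabricate IPv4 "sources" for native IPv6 traffic.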

Thursday, 30 April 2026

Understanding localhost

Everyone has used localhost. But few have explicitly thought about and written down what it really means. 

localhost is a reserved domain name that the OS maps to itself; typically 127.0.0.1 for IPv4 and ::1 for IPv6.

It bypasses DNS: requests for localhost never go out to the Internet, because the OS resolves the name internally.

Localhost traffic is routed through a virtual network interface that loops packets back into the machine without touching any physical network hardware.

Developers run local servers (e.g. localhost:3001) to test code quickly, safely and without exposing anything to the Internet.
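The three claims above (the OS resolves the name itself, the traffic loops back inside the machine, and nothing is exposed) can be checked from Python's standard library. This is an added example, not code from the original post; the echo server, its ephemeral port and the payload are constructed for the demonstration. The last function shows the caveat a developer should keep in mind: a "local" server bound to 0.0.0.0 or :: is listening on every interface, not just loopback.

```python
import ipaddress
import socket
import threading


def resolve_localhost(name: str = "localhost") -> list[str]:
    """Ask the OS resolver for the addresses behind `name`.

    For localhost this is answered from the local hosts file, so it works
    with no network and no DNS server at all.
    """
    infos = socket.getaddrinfo(name, None)
    return sorted({info[4][0] for info in infos})


def all_loopback(addresses: list[str]) -> bool:
    """True if every address is a loopback address (127.0.0.0/8 or ::1)."""
    return all(ipaddress.ip_address(a).is_loopback for a in addresses)


def bind_scope(host: str) -> str:
    """Classify what a server bound to `host` is reachable from.

    127.0.0.1 / ::1 stay private to the machine; the unspecified addresses
    0.0.0.0 / :: mean every interface, physical ones included.
    """
    addr = ipaddress.ip_address(host)
    if addr.is_loopback:
        return "loopback only"
    if addr.is_unspecified:
        return "all interfaces"
    return "one specific interface"


def loopback_echo(payload: bytes, host: str = "127.0.0.1") -> bytes:
    """Run a throwaway TCP echo server on the loopback interface and talk to it.

    Port 0 lets the OS pick a free ephemeral port. The packets go through the
    loopback interface and never touch physical network hardware.
    """
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind((host, 0))
    server.listen(1)
    port = server.getsockname()[1]

    def serve() -> None:
        conn, _ = server.accept()
        with conn:
            conn.sendall(conn.recv(4096))
        server.close()

    worker = threading.Thread(target=serve, daemon=True)
    worker.start()
    with socket.create_connection((host, port), timeout=5) as client:
        client.sendall(payload)
        reply = client.recv(4096)
    worker.join(timeout=5)
    return reply


if __name__ == "__main__":
    addrs = resolve_localhost()
    print("localhost resolves to:", addrs, "all loopback:", all_loopback(addrs))
    print("echo over loopback:", loopback_echo(b"ping"))
    for candidate in ("127.0.0.1", "::1", "0.0.0.0", "::"):
        print(f"bind {candidate:10s} -> {bind_scope(candidate)}")
```

When a framework prints "listening on 0.0.0.0:3001", the port is open to whatever network the machine is on, even though the developer still reaches it as localhost:3001.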