Microsoft's SSH telemetry sends information about every SSH connection in real time, including client versions and cipher suites. While it doesn't track who connected, the instantaneous nature of the data collection feels invasive, similar to how law enforcement collects call metadata. This level of detail, especially for server-side connections, is seen as excessive and unnecessary for legitimate purposes like retiring outdated ciphers.
Microsoft's SSH telemetry collects the version of SSH used, remote protocol error lists, peer versions, supported ciphers, compression mechanisms, message authentication codes, and proposed host keys. This includes detailed metadata about the connection setup, which is more information than Microsoft would reasonably need for operational purposes.
Let's Encrypt is introducing six-day certificates to enhance security by reducing the validity period of SSL certificates. This move aligns with industry trends, such as Apple and Google pushing for shorter certificate lifespans to prevent misuse of expired domains or stolen keys. Automation makes frequent renewals manageable, and shorter cycles ensure compromised certificates are invalidated faster.
Let's Encrypt must scale its infrastructure to handle a significant increase in certificate issuance, potentially up to 100 million certificates per day in the future. Additionally, shorter validity periods require better monitoring and faster response times to renewal failures, as there is less buffer time to address issues before certificates expire.
Setting up SPF and DMARC records prevents spammers from using the domain for phishing or spam, protecting the domain's reputation. Without these records, spam sent from the domain can lead to blacklisting, affecting future email delivery or even causing firewalls to block the domain entirely. Proper DMARC configuration also allows domain owners to receive reports on fraudulent email activity.
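An added example, not from the episode or its notes: a small offline audit of the SPF and DMARC TXT records for a domain that never sends mail. It assumes the usual lock-down values for such a domain (`v=spf1 -all` and DMARC `p=reject` with a `rua` reporting address); the function names, the record strings and the `example.com` addresses are constructed for illustration.

```python
# Audit the SPF and DMARC TXT records of a domain that should never send mail.
# Function names are hypothetical; all record strings below are constructed samples.

def parse_tags(record):
    """Split a DMARC record ('v=DMARC1; p=reject; ...') into a tag dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def audit_parked_domain(apex_txt, dmarc_txt):
    """Return a list of findings; an empty list means the domain is locked down.

    apex_txt  -- TXT strings published at the domain itself
    dmarc_txt -- TXT strings published at _dmarc.<domain>
    """
    findings = []
    spf = [r for r in apex_txt if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        findings.append("no SPF record: receivers cannot tell the domain sends no mail")
    elif len(spf) > 1:
        findings.append("multiple SPF records: evaluation ends in permerror (RFC 7208)")
    elif spf[0].lower().split()[1:] != ["-all"]:
        findings.append("SPF authorizes senders or lacks a hard fail; expected 'v=spf1 -all'")
    dmarc = [r for r in dmarc_txt if r.replace(" ", "").lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        findings.append("expected exactly one DMARC record at _dmarc, found %d" % len(dmarc))
    else:
        tags = parse_tags(dmarc[0])
        if tags.get("p", "").lower() != "reject":
            findings.append("DMARC policy is not p=reject")
        if tags.get("sp", "reject").lower() != "reject":
            findings.append("DMARC subdomain policy (sp) weakens the reject policy")
        if "rua" not in tags:
            findings.append("no rua address: no aggregate reports on spoofing attempts")
    return findings


if __name__ == "__main__":
    # Constructed records for the placeholder domain example.com.
    print(audit_parked_domain(
        ["v=spf1 -all"],
        ["v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"]))
    print(audit_parked_domain(
        ["v=spf1 include:_spf.example.net ~all"],
        ["v=DMARC1; p=none"]))
```

To check a live domain, pass in the TXT strings returned by a DNS lookup of the domain and of `_dmarc.<domain>`.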
Sluggish performance during file transfers on a Synology NAS is often due to network saturation, especially when using NFS over a 1Gbps connection. If the drives are CMR and not SMR, the bottleneck is likely the network or the single-threaded nature of NFS. Running iostat or checking local performance via SSH can help identify whether the issue is with the drives or the network setup.
NFS performance can be improved by enabling server-side file copying, which avoids the need to transfer data over the network. On file systems like ZFS or Btrfs, using features like reflinks or block reference trees allows files to be cloned locally, reducing network load. Additionally, ensuring the network is not saturated and using multi-threaded NFS configurations can help.
Windows SSH is sending more telemetry than you might think, Let’s Encrypt will offer 6-day certificates, a PSA about domains that don’t send emails, and performance issues in a Synology NAS.
Plugs
Support us on Patreon and get an ad-free RSS feed with early episodes sometimes
Winter 2024 Roundup: Storage and Network Diagnostics
News/discussion
SSH on Windows sends telemetry
Let’s Encrypt to offer 6-day certs
Important reminder, if you own a domain name and don’t use it for sending email
Free Consulting
We were asked about performance issues in a Synology NAS.