<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Security on JOURNAL.ROBBI.MY</title><link>https://journal.robbi.my/tags/security/</link><description>Recent content in Security on JOURNAL.ROBBI.MY</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Tue, 30 Jun 2026 03:01:59 +0000</lastBuildDate><atom:link href="https://journal.robbi.my/tags/security/index.xml" rel="self" type="application/rss+xml"/><item><title>scoop - next InitializeSecurityContext failed</title><link>https://journal.robbi.my/posts/240124105203/</link><pubDate>Wed, 24 Jan 2024 22:52:03 +0800</pubDate><guid>https://journal.robbi.my/posts/240124105203/</guid><description>&lt;p&gt;I&amp;rsquo;m encountering an issue updating my Scoop package on Windows, and it seems to be related to the &lt;code&gt;Windows Secure Channel&lt;/code&gt;.&lt;/p&gt;
&lt;div class="code-block"&gt;
 &lt;div class="code-header font-mono"&gt;
 &lt;span class="code-lang"&gt;text&lt;/span&gt;
 &lt;div class="code-window-controls"&gt;
 &lt;button class="code-copy" onclick="copyCode(this)" title="Copy to clipboard"&gt;📋 Copy&lt;/button&gt;
 &lt;span class="ctrl-min"&gt;&lt;/span&gt;
 &lt;span class="ctrl-max"&gt;&lt;/span&gt;
 &lt;span class="ctrl-close"&gt;&lt;/span&gt;
 &lt;/div&gt;
 &lt;/div&gt;
 &lt;div class="code-content"&gt;&lt;div class="highlight"&gt;&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"&gt;&lt;code class="language-text" data-lang="text"&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;Windows PowerShell
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;Copyright (C) Microsoft Corporation. All rights reserved.
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;PS C:\Users\robbi&amp;gt; scoop update *
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;Updating Scoop...
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;fatal: 
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt; unable to access &amp;#39;https://github.com/ScoopInstaller/Scoop/&amp;#39;: 
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt; schannel: next InitializeSecurityContext failed: Unknown error (0x80092013) 
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt; - The revocation function was unable to check revocation because the revocation server was offline.
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;Update failed.&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;
&lt;/div&gt;
&lt;p&gt;This might be due to a company internal root CA certificate distributed via Active Directory, which could be blocking the update through the certificate chain.&lt;/p&gt;</description></item><item><title>I really disappointed with Boxcryptor and Dropbox</title><link>https://journal.robbi.my/indieweb/221222053613/</link><pubDate>Thu, 22 Dec 2022 17:36:13 +0800</pubDate><guid>https://journal.robbi.my/indieweb/221222053613/</guid><description>&lt;p&gt;I have been using &lt;a href="https://boxcryptor.com"&gt;boxcryptor&lt;/a&gt; almost 2 years and I really like it
because of some features like:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;It is free for personal use&lt;/li&gt;
&lt;li&gt;It is cross platform (Windows, Android)&lt;/li&gt;
&lt;li&gt;It is easy to use (setup, backup, restore, manage, update)&lt;/li&gt;
&lt;li&gt;It is easy to sync / share (with some limitation for personal use plan)&lt;/li&gt;
&lt;li&gt;It is easy to encrypt / decrypt&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;I use boxcryptor to encrypt my &lt;code&gt;Onedrive&lt;/code&gt; folder and I really like it. It encrypts my files and folders one bye one per file(s) without need to scramble files like how &lt;code&gt;crytomator&lt;/code&gt; works.&lt;/p&gt;</description></item><item><title>Ubuntu Chromium DEB file are actually snap wrapper</title><link>https://journal.robbi.my/posts/210730122225/</link><pubDate>Fri, 30 Jul 2021 12:22:25 +0800</pubDate><guid>https://journal.robbi.my/posts/210730122225/</guid><description>&lt;p&gt;&lt;img src="https://journal.robbi.my/posts/210730122225/sIoDOKw.png" alt="" title="malicious files, it actually using Chromium snap package"
 class="mx-auto block cursor-zoom-in"
 data-zoomable
 loading="lazy" /&gt;
&lt;/p&gt;
&lt;p&gt;The screenshot taken is the latest &lt;a href="https://bazaar.launchpad.net/~chromium-team/chromium-browser/focal-stable/view/head:/chromium-browser"&gt;rev:head&lt;/a&gt; (currently when the post published) of chromium-browser/focal package files repository. I really surprise about this kind of packaging. Oh my God, how comes this is allowable?&lt;/p&gt;
&lt;p&gt;Seems it start putting and using wrapper to use snap on &lt;a href="https://bazaar.launchpad.net/~chromium-team/chromium-browser/focal-stable/files/1505?remember=1550"&gt;rev:1505&lt;/a&gt;, correct me if I wrong because I don&amp;rsquo;t use &lt;code&gt;bazaar&lt;/code&gt; source code management so much compare to &lt;code&gt;cvs&lt;/code&gt;, &lt;code&gt;mercurial&lt;/code&gt; and &lt;code&gt;git&lt;/code&gt;.&lt;/p&gt;</description></item><item><title>Setup SSH login without password (windows)</title><link>https://journal.robbi.my/posts/201210071100/</link><pubDate>Thu, 10 Dec 2020 19:11:00 +0000</pubDate><guid>https://journal.robbi.my/posts/201210071100/</guid><description>&lt;div class="code-block"&gt;
 &lt;div class="code-header font-mono"&gt;
 &lt;span class="code-lang"&gt;bash&lt;/span&gt;
 &lt;div class="code-window-controls"&gt;
 &lt;button class="code-copy" onclick="copyCode(this)" title="Copy to clipboard"&gt;📋 Copy&lt;/button&gt;
 &lt;span class="ctrl-min"&gt;&lt;/span&gt;
 &lt;span class="ctrl-max"&gt;&lt;/span&gt;
 &lt;span class="ctrl-close"&gt;&lt;/span&gt;
 &lt;/div&gt;
 &lt;/div&gt;
 &lt;div class="code-content"&gt;&lt;div class="highlight"&gt;&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"&gt;&lt;code class="language-bash" data-lang="bash"&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;&lt;span style="color:#6272a4"&gt;# Currently on Windows with MingGW64 terminal&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;$ uname -a
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;MINGW64_NT-10.0-18363 AYAM-ITEK-KAMBING 3.1.6-340.x86_64 2020-07-09 14:33 UTC x86_64 Msys
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;&lt;span style="color:#6272a4"&gt;# we must make sure the permissions to files and folders are correct&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;$ chmod &lt;span style="color:#bd93f9"&gt;600&lt;/span&gt; ~/.ssh/authorized_keys 
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;$ chmod &lt;span style="color:#bd93f9"&gt;700&lt;/span&gt; ~/.ssh/
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;&lt;span style="color:#6272a4"&gt;# copy the public key contents from LOCAL MACHINE to REMOTE MACHINE&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;$ ssh-copy-id -i ~/.ssh/id_rsa.pub robbi@172.217.24.174 -p2222
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;/usr/bin/ssh-copy-id: INFO: Source of key&lt;span style="color:#ff79c6"&gt;(&lt;/span&gt;s&lt;span style="color:#ff79c6"&gt;)&lt;/span&gt; to be installed: &lt;span style="color:#f1fa8c"&gt;&amp;#34;~/.ssh/id_rsa.pub&amp;#34;&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key&lt;span style="color:#ff79c6"&gt;(&lt;/span&gt;s&lt;span style="color:#ff79c6"&gt;)&lt;/span&gt;, to filter out any that are already installed
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;/usr/bin/ssh-copy-id: INFO: &lt;span style="color:#bd93f9"&gt;1&lt;/span&gt; key&lt;span style="color:#ff79c6"&gt;(&lt;/span&gt;s&lt;span style="color:#ff79c6"&gt;)&lt;/span&gt; remain to be installed -- &lt;span style="color:#ff79c6"&gt;if&lt;/span&gt; you are prompted now it is to install the new keys
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;Number of key&lt;span style="color:#ff79c6"&gt;(&lt;/span&gt;s&lt;span style="color:#ff79c6"&gt;)&lt;/span&gt; added: &lt;span style="color:#bd93f9"&gt;1&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;Now try logging into the machine, with: &lt;span style="color:#f1fa8c"&gt;&amp;#34;ssh -p &amp;#39;2222&amp;#39; &amp;#39;robbi@172.217.24.174&amp;#39;&amp;#34;&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;and check to make sure that only the key&lt;span style="color:#ff79c6"&gt;(&lt;/span&gt;s&lt;span style="color:#ff79c6"&gt;)&lt;/span&gt; you wanted were added.
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;&lt;span style="color:#6272a4"&gt;# try to ssh into remote machine&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;$ ssh robbi@172.217.24.174 -p &lt;span style="color:#bd93f9"&gt;2222&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;Last login: Fri Dec &lt;span style="color:#bd93f9"&gt;11&lt;/span&gt; 03:02:27 &lt;span style="color:#bd93f9"&gt;2020&lt;/span&gt; from 10.0.2.2
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;&lt;span style="color:#ff79c6"&gt;[&lt;/span&gt;robbi@r0x ~&lt;span style="color:#ff79c6"&gt;]&lt;/span&gt;$ uname -a
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;Linux r0x 5.9.11-200.fc33.x86_64 &lt;span style="color:#6272a4"&gt;#1 SMP Tue Nov 24 18:18:01 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;&lt;span style="color:#ff79c6"&gt;[&lt;/span&gt;robbi@r0x ~&lt;span style="color:#ff79c6"&gt;]&lt;/span&gt;$ cat /etc/fedora-release
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;Fedora release &lt;span style="color:#bd93f9"&gt;33&lt;/span&gt; &lt;span style="color:#ff79c6"&gt;(&lt;/span&gt;Thirty Three&lt;span style="color:#ff79c6"&gt;)&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/div&gt;
&lt;/div&gt;</description></item><item><title>How to disable ICMP ping replies (linux)</title><link>https://journal.robbi.my/posts/201208014200/</link><pubDate>Tue, 08 Dec 2020 01:42:00 +0000</pubDate><guid>https://journal.robbi.my/posts/201208014200/</guid><description>&lt;p&gt;Few weeks ago during server setup phase for one of my project, I notice there is no &lt;code&gt;ICMP&lt;/code&gt; or &lt;code&gt;ping&lt;/code&gt; replies from server and some port are not able to access.&lt;/p&gt;
&lt;p&gt;I told the network engineer to check and seem they blocking the ports and disabling ICMP replies from their firewall configuration.&lt;/p&gt;
&lt;p&gt;From that accident I do some google-fu if I can do same thing for personal computer / server. We can setting the &lt;code&gt;kernel variable&lt;/code&gt; or use &lt;code&gt;iptable&lt;/code&gt; to disable &lt;code&gt;ICMP / ping&lt;/code&gt; replies if requested.&lt;/p&gt;</description></item><item><title>Keybase, GPG key and Zoom</title><link>https://journal.robbi.my/indieweb/201025030900/</link><pubDate>Sun, 25 Oct 2020 03:09:00 +0000</pubDate><guid>https://journal.robbi.my/indieweb/201025030900/</guid><description>&lt;p&gt;I have been using &lt;a href="https://keybase.io/robbinespu"&gt;Keybase since 2016&lt;/a&gt; until now and start using PGP since 2009.&lt;/p&gt;
&lt;p&gt;Back then before Keybase available, I already use PGP as I mentioned earlier but I having hard with PGP keys because each time I upgrade OS, reformat OS, unrecoverable computer failure or switch newer computer I lost my PGP keys. Some of them don&amp;rsquo;t have expire date and I lost revoke key to take it down, unfortunately.&lt;/p&gt;</description></item></channel></rss>