The "mystery" of what happened at the "Núñez de Balboa" photovoltaic power plant is, to this day, one of the most significant unresolved questions of the Iberian blackout. In this post I elaborate on this issue by using open-source intelligence, official reports and a bit of reverse engineering. Introduction In a recent official hearing of the Spanish Senate commission investigating the blackout, the president of REE (Spain’s TSO), Beatriz Corredor, stated the following. " Let me tell you why we believe, why we know, that the whole process starting at 12:03 began in Extremadura, because we have physical evidence and therefore we can demonstrate that the extraordinary 0.6 Hz oscillation, that began at 12:03, was due to poor management and poor control of a high-power photovoltaic plant installed in the province of Badajoz[...] The same plant had had a similar failure, proven and documented, the previous year, and that the people in charge of that plant themse...
A couple of months ago I spent some time reading code from Signal (libsignal, Android/iOS apps, server, etc.) and came across some interesting issues, which I reported to @Security. This post describes the case of the UNENCRYPTED_FOR_TESTING hardcoded username in Signal's TLS Proxy implementation, a debugging-only feature that could be 'exploited' (though the impact is very limited) in Signal for Android. So, what happens when an active actor tries to block your connection to Signal’s servers? Signal offers different alternatives, including community-supported Signal TLS Proxies. The Signal TLS Proxy Signal provides plenty of information on how , and when , to use a Signal TLS Proxy. Signal TLS Proxy is a simple relay proxy implemented using nginx and ‘ssl_preread’. Depending on the received SNI, nginx will relay the connection to the specific server. https://github.com/signalapp/Signal-TLS-Proxy/blob/main/data/nginx-relay/nginx.conf ... stream { map $ssl_prer...