Access, TLP, CIISS, Voikko, DoH3, RFC 9114, Passkeys

1. States of access (to key / secret):

   1. Loss No one has access.

   2. Safe Only the user has access

   3. Leak Both the user and the adversary have access

   4. Theft Only the adversary has access

   5. Disclosed Everyone knows has access

2. I've mentioned several times that some times the disclosed is actually beneficial. If having secret key X works as proof that. When the key is disclosed, then anyone can create signatures with that key, and then having that key doesn't anymore mean that anyone having the key would have been source of the signed messages.

3. Studied Traffic Light Protocol 2.0 (TLP) (@ Wikipedia) - Red, Amber+Strict, Amber, Green, Clear

4. Checked ContactInfo-Information-Sharing-Specification (CIISS) (@nusenu.github.io) contact format for Tor relay operators. - But no thank you. Automated processing is the trigger for spam flood. Contact info is intentionally in a way which is not processable automatically, but if they want to contact, they can.

5. Voikko Finnish spell checker project finally agreed that they should fix the file path handing fail. If there's a space in path, the program doesn't work because it tries to access path like word%20word, and ends up with not found error. Ehh, that's a fail.

6. DNS over HTTP/3 on Android (@ security.googleblog.com) -. Now finally some tech I can support. Many of the DNS over something tunneling options are just bad, compared to pure UDP implementation. But DNS/H3 DNS-over-HTTP/3 (DoH3) sounds good, because it keeps the communication efficiently encrypted. Many of the older alternatives had either reliability issues and or serious overhead issues and due those reasons also latency issues. Of course if things fail, things can be retried, but it comes with huge latency penalty. KW: DoT, DoH, DoH3, DDR, DNS

7. HTTP/3 = RFC 9114 (@ rfc-editor.org - Is traditional TCP on it's way out? - I think this got way too little attention. Maybe HTTP/3 should have been it's own protocol, instead of being on top of UDP? kw: HTTP/3, H3, RFC9114, HTTP, Web, Internet, Future

8. Did I say something about Outlook and Teams UX? I just tested the Tasks feature, and important tasks are marked with Star on Outlook and with Exclamation mark on Teams and so on. Once again the UX is totally inconsistent. And this on desktop. If I would check this in mobile apps, it's totally even more confusing, so I didn't even bother. Maybe someday Microsoft will someone whom happens to understand even basics of software development.

9. Once again reminded myself about the facts how utterly broken modern systems are in terms of security. Security considerations just aren't a factor. Proper secure systems should be built as secure systems starting from hardware. This especially applies to devices like computers and mobile phones and any modern consumer / corporate tech. It's obvious that espionage is kept as more important feature than actual security. Yet all this development has been it very hard or virtually impossible to even get something that is secure or even would maximize security as much as possible. Many seem to think that using some app would fix the problem, no, it won't because the platform which the app runs on, is already total nightmare and disaster waiting to happen. And as we know, this is a fact, and related incidents happen over and over again.

10. Passkeys.io (@ passkeys.io) - "A new default for authentication has been created". Interesting stuff. But I find it especially troubling that the credentials are now linked to problem generators like Amazon, Google or Microsoft.

11. Matrix, reply, edit and threads features are all totally inconsistent. So basically all features work, might work and you really don't know what the end result will be. I would say this is classic open source. Which drives everyone sane (?) to avoiding it, because it's all so complex and brittle. - Just like many other projects, it kind of works, but is full of really nasty and sometimes even dangerous traps with bad UX. - There is something definitely something very wrong, if most of the time using something is spent dealing with its bugs.  Some projects are so broken, that it feels like waste of time trying to even discuss the problems.

12. Something not so different? Boom Supersonic (@ Wikipedia) and American Airlines, contract for 20 planes. Let's hope this project works out.

2023-10-08