Balloon Hashing, Noise Protocol, Home Lab, XFTP, DevOps, Docker
Balloon hashing (@ Wikipedia) - another competitor to Argon2 (@ Wikipedia) as a key derivation function (KDF @ Wikipedia), and this one is recommended by NIST (@ Wikipedia).
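As an added worked example (not code from this page, and not the Balloon authors' reference implementation), here is the Balloon construction from the paper written out in plain Python with SHA-256 and the standard library only: expand the buffer from the password and salt, mix it for time_cost rounds where each block is rehashed with its predecessor and delta = 3 pseudo-randomly chosen blocks, then extract the last block. The 8-byte little-endian encoding of the counter and of the (t, m, i) index block is my assumption; the paper leaves that to implementations, so outputs will not match other libraries byte-for-byte even with identical parameters.

```python
import hashlib
import hmac
import os
import struct

DELTA = 3                      # dependencies per block during mixing (paper default)
HASH = hashlib.sha256
BLOCK_LEN = HASH().digest_size # 32 bytes per buffer block


def _hash(counter: int, *parts: bytes) -> bytes:
    """H(counter || part_1 || ... || part_n).

    The counter is encoded as 8 bytes little-endian; this encoding is an
    assumption of this example, not something the paper fixes."""
    h = HASH(struct.pack("<Q", counter))
    for part in parts:
        h.update(part)
    return h.digest()


def balloon(password: bytes, salt: bytes, space_cost: int, time_cost: int) -> bytes:
    """Single-core Balloon: space_cost blocks of BLOCK_LEN bytes, time_cost rounds."""
    if space_cost < 1 or time_cost < 1:
        raise ValueError("space_cost and time_cost must be >= 1")
    cnt = 0
    buf = [b""] * space_cost

    # Step 1 (expand): fill the buffer with a hash chain seeded by password and salt.
    buf[0] = _hash(cnt, password, salt)
    cnt += 1
    for m in range(1, space_cost):
        buf[m] = _hash(cnt, buf[m - 1])
        cnt += 1

    # Step 2 (mix): every block absorbs its predecessor and DELTA other blocks.
    # The index of the "other" block is derived from salt + counter + position
    # only, never from the password, so the memory access pattern is
    # data-independent (no cache-timing leak of the password).
    for t in range(time_cost):
        for m in range(space_cost):
            prev = buf[(m - 1) % space_cost]
            buf[m] = _hash(cnt, prev, buf[m])
            cnt += 1
            for i in range(DELTA):
                idx_block = struct.pack("<QQQ", t, m, i)   # encoding is our choice
                other = int.from_bytes(_hash(cnt, salt, idx_block), "little") % space_cost
                cnt += 1
                buf[m] = _hash(cnt, buf[m], buf[other])
                cnt += 1

    # Step 3 (extract): the final block is the derived key.
    return buf[-1]


def hash_password(password: bytes, space_cost: int = 1 << 12, time_cost: int = 3):
    """Produce a fresh salt plus the parameters a verifier must store alongside the digest.
    Defaults (4096 blocks * 32 B = 128 KiB, 3 rounds) are modest example values."""
    salt = os.urandom(16)
    return salt, space_cost, time_cost, balloon(password, salt, space_cost, time_cost)


def verify_password(password: bytes, salt: bytes, space_cost: int,
                    time_cost: int, expected: bytes) -> bool:
    """Recompute with the stored parameters and compare in constant time."""
    return hmac.compare_digest(balloon(password, salt, space_cost, time_cost), expected)


if __name__ == "__main__":
    salt, s, t, digest = hash_password(b"correct horse battery staple")
    print(salt.hex(), s, t, digest.hex())
    print(verify_password(b"correct horse battery staple", salt, s, t, digest))
```

The point worth noticing when reading the mix loop is the one that sets Balloon apart from data-dependent designs such as scrypt and Argon2d: which blocks get read depends only on the salt and the loop position, so an attacker observing memory access timing learns nothing about the password. The cost of that property is that the buffer must be filled and mixed in full, which is exactly what makes the function memory-hard.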
The Noise Protocol (@ noiseprotocol.org) - Good read. Afaik, it looks pretty standard and doesn't introduce anything new? Well, it's good to have ready-made frameworks for setting up secure communication.
Helped a friend to set up a home lab. Clustered servers, Postfix, email (dovecot, postfix, roundcube), Matrix server, Element (web), web pages, haproxy, nginx, Simplexmq and XFTP servers, everything behind a dynamic IP at home. IPv4 and IPv6 via a static-IP VPS using WireGuard etc. Fun stuff. It took quite a while and he had just a few questions. Haha. So when you say "of course you can self-host", know that it takes some effort. Yet it's a good learning experience anyway. Testing and learning, and thinking about how many different ways we can achieve practically the same result.
Enjoyed some problems with integrated security information management solutions. Authentik: their login flow is quite annoying. Liked Authelia so much more. Also checked out FreeIPA and privacyID3A.
Finally managed to get my own XFTP server running. It seems like very half-finished work. Just like my quick "just for myself" random utility scripts. Configuration is broken, CLI parameters not working, mandatory .ini file parameters are figured out via random error messages on startup, etc. Yup, very broken. But after lots of work and reading the source it actually works. Something like four hours of fighting. And submitting to the fact that it won't work without reading the source and understanding the requirements. Maybe the next release is a bit better. Anyway, after all this initial setup trouble the application works fine. Just that the server configuration and setup is clearly early alpha quality and for hackers only, or other kinds of strangely perverted masochist DevOps.
Classic fail, this is clearly how things shouldn't be done. Actually, this is one of the reasons why insecure options shouldn't even be available. If it's not offered, then it's impossible to use it accidentally. Mailbox.org figures out unencrypted data communication. (@ mailbox.org)
Had a long chat with fellow privacy enthusiasts about the Matrix-TTL script and Matrix's forever default data retention policies. Well, let's see when they fix the issue. - It's really nice to have chats with like-minded hacker fellows.
I also Dockerized the SimpleX Chat client for security on my bastion host and automated message transmissions. Messages can also be sent via an HTTPS gateway, so I can push messages from any of my servers directly to my mobile using SimpleX or Matrix just by calling one URL with a POST. - Nice!
Digital euro (@ ecb.europa.eu) - The digital euro project is interesting. I've always wondered why the EU earlier wanted to push all consumer payments to US companies. That's a very strange strategy and afaik it doesn't make any sense at all. We've been monitoring the digital euro and digital identity (eIDAS) projects for quite a while. Progress is extremely slow.
Asked for the SimpleX Chat CLI client to support reading the messages received since the last execution. That would be pretty handy for some scripts, allowing reading message queues via stdout without using the lower-level agent integration, but directly using the existing single-binary CLI client.
Found another problem with Matrix: messages are disappearing again. And this time, it's the first message while creating a new room. It seems that the process depends on the recipient's server being accessible when the message is sent. If it isn't, then the message is lost.
Had more fun with bubblewrap (bwrap) and docker. Phew, finally everything is configured securely and working well. There are so many things to tune for that to happen.
2023-03-31