NYM, Briar, LUKS2, Matrix TTL, W^X, Signal

1. Helped a friend to setup NYM MixNodes for providing anonymity on future platform. Yet NYM network utilization is still super slow compared to as example Tor.

2. Read the latest Briar (@ Wikipedia) release notes, awesomeness. Now supports Tor Snowflake, obfs4proxy (0.0.14) and trust indicators. I've been asking for trust indicators in several apps, but Briar finally made it.

3. It took quite a while of tuning, but I managed to configured one environment with latest GRUB and LUKS2 (@ Wikipedia) FDE, utilizing systemd-cryptenroll for TPM2 (@ Wikipedia) support.

4. Some random chat with friends reminded me about some age old good stuff. Try to guess how long it took people to understand what happened, when I created files with ANSI codes (@ Wikipedia) in the filename. First turn text black, and then background black and the disable cursor and clear screen. Hahaha. Now when you wrote dir in the root, you ended up with blank screen and it seemed that nothing is working.

5. About tweaking stuff in places people won't assume it to be tweaked. In one project people checked the source code very carefully. But they never checked the system libraries. What if hmac.compare_digest would happen just to check first bit of every second byte? Surely it seems to be working in all unit tests, yet the actual strength of comparison is only 2^16 = 65536 options. After this kind of weakening it's trivial to generate collisions if necessary. Hash isn't same, but it doesn't matter, when just the right bits of it are. That's one of the reasons why it's important that F-Droid compiles the programs. Because it doesn't matter program says, if the libraries which it is using have been modified.

6. Absolutely excellent Starlink (@ mikepuchol.com) related article.

7. Rewrote the TTL BOT Matrix (@ Wikipedia) message deletion / retention / expiry / self-destructing messages script from scratch again as weekend fun. Took about six hours to get it all done. It became obvious that people didn't like the BOT option. Now it's single standalone Python script, which runs with users own credentials, but doesn't require encryption keys. - Only paranoid people would use such script, and now it's something they can run with their own credentials from their own server. No need to trust anyone outside. - Done, check. New version is simply called Matrix Time-to-Live (TTL) (@ Wikipedia). As it has became evident in multiple discussions, Matrix project doesn't take data retention seriously. Data is spread around and kept forever. Which is unfortunately very typical to many cloud services. Also the encryption keys are kept forever, unless user takes especial actions to get rid of those. Which of course nobody ever does. I would like the platform to safely expire messages and encryption keys by default, if user desires so. - Now using Matrix API v1.3 (v3) instead the previous r0 version. - Interestingly Matrix message deletion is insanely slow in both terms, on server side and in client.

8. W^X (@ Wikipedia) write xor execute for memory isolation. Mark data as writable, which means that it can not be executable. Bit similar to good old no-execute NX Bit (@ Wikipedia) / XI / XN. Interesting how I've missed this feature for so long.

9. Signal (@ Wikipedia) dropping SMS support was in the tech news. Afaik, there's no reason why you couldn't encrypt the SMS messages. Having a support for insecure SMS is just strange, and now they're terminating the feature for good. Yet I haven't personally found any reason to use Signal for SMS, it's very strange starting point anyway.

10. Something different? eFUSE (@ Wikipedia). VoNR / Vo5G (@ Wikipedia). Watched The Bureau TV series (@ Wikipedia) during the long cold winter.

2023-11-26