Cron, E2EE, Hashes, NYM, SQL, AGE, DataDrop, Ubuntu
Ah, so many pointless questions. A friend kept wondering how to allow and deny cron (@ Wikipedia) users. Well, how about cron.allow / cron.deny - duh! I kind of love and hate it when people ask questions which are totally obvious (to AI) or covered by any documentation. Just earlier today I was slightly annoyed by the fact that 99,95% of all discussions, documents and other stuff are totally pointless. Because those do not present any new information, it's just blabbering about the old stuff. Eh, like my blog. If cron doesn't cover some of your requirements, just call a secondary script "often enough", whatever it is, and then add more complex additional logic to it to decide whether the task should be executed or not.
As long as users are using a trusted binary from one source, my personal opinion is that e2ee doesn't actually protect communications in the case where the vendor desires to gain access. - Interestingly some parties want to deny this really hard. But they haven't yet come up with the story of how it's technically being denied. - Problem is that any words, agreements, etc. are worthless. There has to be technical backing.
I've wished for a long time that there would be a practical memory display for processes on operating systems. It would show memory referenced and used by the process in the last N time units, let's say for the last 5 minutes. It would be actually useful information. What does it matter if a program is "using 500 megabytes of memory", if it only accessed 5 megabytes of that in the last 7 days? Ref: virtual memory (@ Wikipedia)
Do users ever verify download hashes / signatures? - No. How do I know? Because, I just found out that the verification hash of one important security program was out of date, and the funny thing is that I was the first one to notice and ask about it. What a joke. They are incompetent and so are their users. Great combination. Maybe I should look for some other program to replace that one. - For security reasons I'm not right now revealing publicly which program it is. - Finally answered: "Unfortunately, the hashsum hasn't been updated for the latest version yet. No worries, our team is already aware of the issue and it will be fixed soon." - What does this mean? Nobody ever checks the hashes anyway, so it doesn't matter if the hashes match or not.
Helped a friend to shut down a bunch of NYM mixnodes, it seems that the NYM project isn't delivering after seemingly looking good on paper. Economic aspects of that hobby were interesting, it was like 99,99% pure loss. Any
SELECT stuff AS stuff FROM table WHERE key >= 1 AND key <= 1 AND key = 1; This is a heavily simplified syntactic example, but it highlights the funny parts. Every field is retrieved as itself and many comparisons were like that. I don't know if I should cry or laugh or if they were just trolling. Similarly and totally pointlessly, they also always included the column name in every select, selecting something as its original name. Hmm, funny.
Friends asking questions how to send encrypted ... Use AGE, if the public key isn't public, then it also provides message content authentication. That's why it's a good idea to agree on and verify contact specific keys if authentication is important. But otherwise it's a great PGP replacement for 1:1 encrypted communication. It still lacks the whole PKI stuff, signing, chaining, trust etc. feature set. But it doesn't matter, because many PGP users never use it anyway.
Added encrypted message / file drop box (nothing to do with the cloud service, it's my own) - Allowing users to easily drop stuff when necessary. It seems that many users still don't handle encrypting content in any sane way. Now I can just give them a link, send it here and we're done.
After updating from Ubuntu (@ Wikipedia) 22.04 LTS to Ubuntu 24.04 LTS it seems that some WireGuard (@ Wikipedia) configurations broke. The DNS = parameter in the configuration doesn't work anymore due to the changes made to Ubuntu and resolved. resolvconf vs resolvectl and tun prefix with the interface name. You'll have to replace those with corresponding PostUp and PostDown commands which modify the required DNS settings. It wasn't hard to solve as long as you accepted the fact that you'll have to modify configurations manually and that the DNS configuration option itself is simply broken and prevents tunnels from working. Of course you can drop wg-quick and just use classic ifup and ifdown and configure DNS (@ Wikipedia) and interfaces traditionally.
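One way to do the replacement described above, as an added example that is not from the original post: a small shell filter that rewrites the DNS = lines of a wg-quick config into PostUp / PostDown hooks calling resolvectl. It assumes systemd-resolved is the active resolver on the host; the function names and every key, address and domain in the sample config are constructed.

```shell
#!/bin/sh
# Added example: turn wg-quick "DNS =" lines into resolvectl hooks.
# Assumption: systemd-resolved is the active resolver on the host.

convert_wg_dns() {
    # stdin: wg-quick config, stdout: converted config
    awk '
    tolower($0) ~ /^[ \t]*dns[ \t]*=/ {
        line = $0
        sub(/[ \t]*#.*$/, "", line)        # drop trailing comment
        sub(/^[^=]*=[ \t]*/, "", line)     # drop the "DNS =" key
        n = split(line, item, /[ \t]*,[ \t]*/)
        servers = ""; domains = ""
        for (i = 1; i <= n; i++) {
            v = item[i]
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (v == "") continue
            # IPv4 or IPv6 literal is a server, anything else a search domain
            if (v ~ /^[0-9.]+$/ || v ~ /:/) servers = servers " " v
            else domains = domains " " v
        }
        # %i is expanded by wg-quick to the interface name
        if (servers != "") print "PostUp = resolvectl dns %i" servers
        if (domains != "") print "PostUp = resolvectl domain %i" domains
        # the link may already be gone when PostDown runs, so ignore errors
        print "PostDown = resolvectl revert %i || true"
        next
    }
    { print }
    '
}

# Constructed sample config (placeholder keys, documentation addresses)
sample_config() {
    cat <<'EOF'
[Interface]
PrivateKey = <placeholder>
Address = 10.8.0.2/24
DNS = 10.8.0.1, fd00::1, corp.example

[Peer]
PublicKey = <placeholder>
Endpoint = 192.0.2.10:51820
AllowedIPs = 0.0.0.0/0
EOF
}

sample_config | convert_wg_dns
```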
Something not so different? Kobayashi Maru (@ Wikipedia) - Fictional military and psychology stuff - Very good article and topic to cover. Essential link to something that my blog was missing.
2025-02-23