Goto, Onion, BTMH, Tunnel, RunAs, SimpleX, ModClient, DoH

1. Omg, after all these years or random cmd / bat scripting, I just encountered: 'GOTO :EOF'! I just think I saw it for the very first time. 'exit /b' is bit more familiar. Yet I used to create label like :exit or :end when needed. Why didn't I know about :EOF. Ref: Where does GOTO :EOF return to? (@ StackOverflow)

2. Watched State of the Onion 2022 (Tor Project) (@ YouTube). Standard stuff about global politics, but first really interesting part was TorVPN. Tor network DDoS, Congestion Control (@ blog.torproject.org) kw: Onionmasq, Arti. Arti is also designed to be embedded in other programs using FFI (@ Wikipedia). This means that there will be more programs in future, which will provide embedded Tor routing features.

3. Studied BTMH BitTorrent Info-Hash-v2 which is using SHA-256 with Torrent files instead of the old BTIH which used. Nothing special about that really, just different hashing method for metadata, which of course not all clients support yet. Ref : magnet:?xt=urn:btmh:<tagged-info-hash>&dn=<name>&tr=<tracker-url>&x.pe=<peer-address> (@ Wikipedia) support with the multihash. I think that BLAKE3 (@ Wikipedia) would have been a perfect as BitTorrent hash.

4. Anything over anything, as I say. wa-tunnel (@ GitHub). Yes, tunneling over WhatsApp. Because, why not?

5. Classic joy, runas /user:system doesn't work. But why? There are plenty of "download this random exe and run it to gain system access" tools. But why doesn't runas work directly? That's quite a good question. Afaik, it's bad for security and excellent way to deliver malware, when you'll teach people to download random binaries / scripts and execute as administrator / root.

6. I did read SMP server specification for SimpleX Chat (@ simplex.chat). I think the implementation is quite naive. After reading the documentation, first thought was that running this server is kind of risky, because it doesn't provide any attack protection. I've learned from past that usually if something can be trivially abused, it'll be abused sooner or later.  ref: simplexmq (@ GitHub). They claim that it's hard to find SimpleXMQ (SMP / XFTP) servers, but the handshake is easily identifiable, so...

7. Some people claimed that using SimpleX Chat with malicious server leaks your IP. Yes, of course it does. When privacy is the goal, it's usual best to keep all communication in a small closed circle with trusted server. Like a closed group of burner phones / switch. That's where running your own server comes in, which is actually possible with SimpleXMQ. Your contacts already known to you, so the trusted server having your IP isn't that big deal. Different platforms provide different characteristics and are suitable for different situations. Just to say in general. As with most of services user IP isn't a problem.

8. Some people say that client or server doesn't support something. That's a funny claim, because if and when I test attacks on something, I usually tend to run my own modified clients and servers. If there is a capable bad actor, there is no reason to assume that they would run standard version. On top of that, they could and probably have a full network traffic / packet captures. That's why the questions should be only addressed on protocol and data level. That's what is available, what happens after that, is up to good faith.

9. Computer & Software problems, at work, at home and at friends. This is just so lovely. Thank god it's Friday! Probably some friend soon calls and asks to debug something. And I just spotted issue with Pleorma (ActivityPub / Mastodon) compatible social media client.

10. Went through the effort and configured bunch of systems to use DNS over HTTPS (DoH). Now it's done, took several iterations with configuration files modifications to get everything perfect and tested, including fallbacks and DNS leaks. Basic case, small war with stub resolver, netplan, etc.

11. Something different? Precision Strike Missile (PrSM)  (@ Wikipedia), Columbia-class submarine (@ Wikipedia), Dreadnought-class submarine (@ Wikipedia). It's time to upgrade submarine generations.

2023-12-17