Ironside, Anonymous, Duplicati, CGA, USB4, IPv6

  1. Operation Trojan Shield / Ironside - Great example how untrusted software, well, shouldn't be trusted. But honestly, it's very very hard to tell if something can be trusted or not. Especially if you're worthy target. In some circumstances they tend to say, that attackers never fail. There are so many vectors than can be used if the attacker got resources to use. Read several articles about the stuff, from different countries + more technical posts. But technically it wasn't anything special at all. Man in the middle attack, very very classic. Plus sending copies of the messages directly to the police, well, not unexpected either. Also outsourcing illegal activities to foreign actor is well known classic loophole as well. kw: Anom, An0m, Anøm

  2. The design where everything is encrypted and users are completely anonymous, make it much harder to target any specific users.

  3. The Anom project actually highlighted exactly the things I've been warning about. Which is kind of really funny. You can't ever trust single service provider, because they then have full control over everything. I've written so so many times about this, but most of people don't just believe it, but it's still true. Classic example where people claim that WhatsApp or Signal would be secure, no those are inherently insecure by design. And even if those would be totally security right now, it means that any update in future, can break down the security completely. Which means that as long as you're receiving updates, those aren't secure.

  4. Duplicati when using FTPS with IPv6 seems to hang indefinitely without any error messages. This is just the stuff I like. ref: FTPS protocol (Works over IPv4), TLS self-signed, fingerprint specified, Network connection over IPv6 is know to work, DNS-NAME with IPv6 AAAA records is used. Server is reachable with TCP / TLS as specified above.

  5. Something not so different? CGA in 1024 Colors (@ int10h.org) - I just decided to remind my self about good old stuff, well not that old after all. But related to old tech. Got suck into it by thinking how horrible the original 4 color CGA palette options were. I did assume they would do dithering of course, and potentially "color blinking", but after all it was just dithering with some clever hardware feature based tricker (called Hacking!) and the result is pretty nice. As bonus the quality of the image was so low that the dithering really nicely blends and doesn't stand up badly. But if you check the source images with UHD display, haha, yes, you'll notice a big difference. Just like with most of "CGA" or "VHS" effect emulators get things so wrong, there are really physical reasons why some things are exactly as they are when implemented with authentic hardware. Cheap lame copies won't cut it. It's just like taking 1920s alarm clock versus 2020 Chinese plastic alarm clock. On quick look it might look pretty similar, but weight, smell, materials and how sturdy those are are immediate give off.

  6. Tiring topics? Google Sites broken again: "Saving your changes is taking longer than usual. Editing is temporarily disabled". Sigh.

  7. USB4 (@ Wikipedia) - Yes, it's old thing already. Good when connecting external fast SSDs and stuff. Read bunch of USB 4.0 related documents, yet it really doesn't matter as nobody uses it (yet). Haha, classic reasoning for not using IPv6 or 64 bit computers.

  8. Added my ULA IPv6 network range to Ungleich prefix list (@ ula.ungleich.ch) (non-authoritative registry). It's very handy to run WireGuard over your own provider independent ULA address space. If any of my systems need to be accessed over WireGuard from some other network, I can just setup WireGuard tunnel, and there won't be any address overlap and need for NAT. Of course many and most (?!?) networks use public IPv6 addresses directly. But in cases where public IPv6 addresses aren't static, ULA is quite useful. Also as mentioned using Link Local addresses got issues even on LAN and naturally those won't work with multiple segmented LANs. Or sure, you could do horrible trickery, like filtered bridging, but no thanks.

2022-09-18