Mullvad, Performance, Fingerprints, NAT, SimpleX, BitLocker, VVC
Anon self-hosting under attack: first Mullvad dropped port forwarding, and now iVPN dropped port forwarding. Well, I guess the providers which still provide port forwarding will see plenty of users checking in after these changes. Also, iVPN announced quite soon after that they'll be dropping port forwarding as well.
Based on that, I don't wonder why some customers want me to write critical microservices. Because I'll always take care of exception handling and retry logic: when to retry, how to retry, how to do it efficiently, how and when to give up. How and where to inform about the failure. How to internally and externally monitor that the programs are working correctly. I'm also very keen on error messages and logging. Things shouldn't be misleading. When writing SQL stuff, I'll always check indexes, how to make queries efficient, how long and what information will remain locked, and how many journal updates I'm creating. How I'm accessing data, how much cache load and data access I'm causing, etc. If there's any suspicion about bad performance or malfunction in production, I'm always willing to check logs.
Long discussion about whether BitTorrent works well through NAT or not. Well, that depends on multiple things. But if both systems are behind symmetric NAT, UDP hole punching just doesn't work. Some people claimed that it does. Well, eMule did work; it used a "buddy" system, but that was only used for Kademlia DHT lookups, not for data. Question: why doesn't BitTorrent support the TURN protocol?
All this NAT discussion led to this excellent post series about NAT and UPnP, STUN, and so on: Everything you never knew about NATs and wish you hadn't asked - Part 1 (@ educatedguesswork.org, all parts), Part 2, Part 3
After that post, I also found out that I've always thought only about UPnP; I didn't even know that these protocols existed: NAT-PMP (@ Wikipedia) and Port Control Protocol (PCP) (@ Wikipedia).
Had one interesting discussion about database structure. It's "unnecessary optimization" to store timestamps as binary numbers. One developer team prefers storing timestamps as 27-codepoint-long UTF strings: YYYY-MM-DD HH:MM:SS.NNNNNNN. Sure, that works too. I would just prefer the binary option.
Encountered the first H.266 (Versatile Video Coding (VVC)) compressed video (@ Wikipedia). It's a lot heavier compression than H.265 (HEVC). Video compression and virtualization have been among the most common reasons that have forced me to replace my system with a newer one. It would be so nice if VLC / VideoLAN had VVC decoding support.
One system had broken hardware, and the storage media needed to be relocated to a new computer. Yet there was only one problem. The storage was protected with BitLocker, and normally it was configured to auto login, so nobody even remembered any credentials for the system. Nor did anyone have the BitLocker recovery key anywhere. After they got desperate that they can't lose all of the data on the system, I started to ask some things. Like, did you know that full disk encryption (FDE) keys are automatically sent to Microsoft? - At least they didn't. - Well, then I said that that's your only hope: get the encryption keys from Microsoft. Nicely, half an hour later everything was up'n'running again with the new server.
Had an interesting, luckily short, discussion about premature optimization. Like how memory could be allocated more efficiently on the SimpleX server side. How to get rid of idle clients. Does it matter if apps waste a lot of memory or CPU cycles, and so on.
The fingerprint given with a SimpleX Chat SMP & XFTP protocol server refers to the CA certificate used to issue the server certificate; it is that CA certificate's fingerprint. This means that the fingerprint remains the same even if the server certificate is renewed, and clients can still connect to it without any configuration upgrades.
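The CA-pinning behaviour described above, as an added example that is not SimpleX's own tooling: it builds a throwaway CA, issues and then renews a server certificate, and shows that a client check against the pinned CA fingerprint still passes while a certificate from another CA fails. The fingerprint encoding (base64url of the SHA-256 of the CA certificate's DER bytes), the EC curve, the function names and the host name are assumptions made for the demo.

```shell
#!/bin/sh
# Added example with constructed throwaway certificates; not SimpleX tooling.
set -eu

# Assumed encoding: base64url(SHA-256(DER bytes of the certificate)).
cert_fingerprint() {
  openssl x509 -in "$1" -outform DER | openssl dgst -sha256 -binary |
    openssl base64 -A | tr '+/' '-_'
}

# Create a self-signed CA (ca.key, ca.crt) in directory $1.
make_ca() {
  printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$1/openssl.cnf"
  openssl req -x509 -config "$1/openssl.cnf" -extensions ca -nodes -days 3650 \
    -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 \
    -keyout "$1/ca.key" -out "$1/ca.crt" -subj "/CN=demo offline CA" 2>/dev/null
}

# Issue a fresh server key and certificate named $2 from the CA in directory $1.
issue_leaf() {
  openssl req -new -config "$1/openssl.cnf" -nodes \
    -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 \
    -keyout "$1/$2.key" -out "$1/$2.csr" -subj "/CN=smp.example.invalid" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -out "$1/$2.crt" 2>/dev/null
}

# Client check: $1 pinned fingerprint, $2 presented CA cert, $3 presented server cert.
# Both must hold: the CA matches the pin, and that CA signed the server cert.
check_server() {
  [ "$(cert_fingerprint "$2")" = "$1" ] &&
    openssl verify -CAfile "$2" "$3" >/dev/null 2>&1
}

work=$(mktemp -d); trap 'rm -rf "$work"' EXIT; mkdir "$work/good" "$work/other"
make_ca "$work/good"; make_ca "$work/other"
pin=$(cert_fingerprint "$work/good/ca.crt")   # the value clients keep configured
issue_leaf "$work/good" before                # certificate in use today
issue_leaf "$work/good" renewed               # renewal: new key, new certificate
issue_leaf "$work/other" rogue                # issued by a different CA

check_server "$pin" "$work/good/ca.crt" "$work/good/before.crt"  && echo "before renewal: accepted"
check_server "$pin" "$work/good/ca.crt" "$work/good/renewed.crt" && echo "after renewal:  accepted"
check_server "$pin" "$work/other/ca.crt" "$work/other/rogue.crt" || echo "other CA:       rejected"
check_server "$pin" "$work/good/ca.crt" "$work/other/rogue.crt"  || echo "rogue leaf:     rejected"
```

The check needs both halves: comparing the fingerprint alone would accept any server certificate presented next to a copy of the public CA certificate.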
Watched the SimpleX.chat talk @ Monero Konference 3 - Praha - 2023 to see if there's anything being told which isn't on the official SimpleX project roadmap, for example two-hop onion routing. And there was nothing new. Reading the documentation is a better option than watching PR talks.
One nice thing about SimpleX is that it's safe to run the server(s) using dynamic IPs and any TCP port, which makes the service highly self-hostable. You can use your RPi or any cheap device / VPS to host your team messaging needs.
2024-05-26