Zip, Qwant, MLS, SSH, NAT64, BLAKE3

1. Optimizing Zip Format (for Firefox packaging) - Very nice, yet simple change. On single zip file access probably performance improvement is absolutely marginal. But it all adds up.

2. Qwant.com search engine (@ qwant.com) - Had long long discussion in one search engine forum about this. It seems that they're pushing agenda which claims that they're independent. And try to claim that reports that their results are based on Bing is invalid. Yet, three guys in the forum immediately confirmed after quick checks that for sure most of results come from Bing. So... Personally I would say that this puts Qwant in bad light, not the guys claiming that results are from Bing. 

3. Studied Message Layer Security (MLS) Protocol (@ datatracker.ietf.org). Seems like an interesting underdevelopment option to MegOLM (@ matrix.org) for Matrix. Let's see if I've got any opinions about the draft:  First though, ok, this is going to be a handful. Handling of out of sync rarely online devices might be interesting, as it has been with MegOLM as well. Also extra high latency and problems reaching clients are persistent issues. Let's say you've got a client which is online only 5 minutes / week, and then you've got 100 of those in a room, which all are online randomly. Sure, with correctly designed system this shouldn't be a problem at all. With MegOLM there are more or less common repeated situations where decryption fails due to several issues. Often it's only partial outage, between some clients not being able to decrypt messages from some other clients. Therefore it's hard to say, if the recipients have been actually able to read the messages. Very annoying. To simplify it, the recipient(s) did get the message, but didn't get the decryption key(s) needed to to decrypt and read it. Ref: MLSWG (@ GitHub).

4. Encountered rfc8709 - Ed25519 and Ed448 Public Key Algorithms for the Secure Shell (SSH) Protocol (@ datatracker.ietf.org) - OpenSSH ed25519 and ed448 keys. Looks good, I've been using ed25519 keys for a long time, but when ed448 becomes available, I might generate new keys.

5. Just wanted to remind you about Windows Sandbox (@ Microsoft). I've noticed that many users don't know it exists. It's very handy when running / testing software. kw: Sandbox (@ Wikipedia)

6. sntrup761x25519-sha512@openssh.com - Added on a few test servers and clients a new KEX  (key exchange) algorithm, which should provide quantum safe way of generating encryption keys for the symmetrically encrypted rest of SSH session. Supported at least by OpenSSL, all SSH implementations might not support this so curve25519-sha256 is left as backup.

7. Noticed that ssh go implementation doesn't support curve25519-sha256 and here's a ticket (@ GitHub)  about it. I'll be informing a few projects when that's fixed.

8. Interesting find P2P NAT64 (@ p2p.nat64.dk) - Peer-to-Peer NAT64 (@ Wikipedia) network, yet another solution to improve IPv6 / IPv4 connectivity. Providing both IPv6 for IPv4 nodes and IPv4 access for IPv6 nodes.

9. The log4j / log4shell exploit, nothing new. Classic problem of creating "powerful" programs, well that power can be abused. Writing minimal programs with as little features as possible is one easy way to improve security a lot.

10. Studied BLAKE3 (@ Wikipedia), it seems to be pretty awesome and very fast. Let's see if gains wider adoption in future. Extendable output, keying and PRF functions mean that at least in theory it could be used easily as cipher key stream generator as well.

11. Something different? Watched "Universe with Brian Cox", quite light, but very well made and enjoyable documentary. kw: space astronomy satellites technology

2023-02-19