DoH, VPN, Cloudflare, mkusb, FIDO2, WineHQ, Edge, VirtualBox

  • Firefox DoH focusing all traffic to Cloudflare. It's interesting to find out that someone has written a long blog post about exactly same worries I immediately came up in my own analysis. My primary concern was that now all traffic is being focused to single or a few global providers. As well as also internal queries could be leaking out because independent applications are overriding the normal organizational DNS configuration. Also ... Next point ... Interestingly the post didn't mention eSNI which is a good technology in my point of view, and very important part of encrypting it all chain.
  • Basically this is just like the VPN question. Yes, you're being in danger by not using product X. Everyone should use X. X makes everything secure. Oh really? To me that sounds like serious FUD. When you choose not to trust some party, please make sure the option you're choosing instead is better. Your ISP is Trojan horse, they're spying on you. It's better to choose this random off-shore company X which we basically know nothing about, it's much more secure. Ahem, really? WTF? You really can't be serious about that. As far as I know, there hasn't been any cases where ISP DNS server information would have leaked at least in Finland. DNS query data just as all other telecommunication information is protected by law. If you're not under criminal investigation, then it shouldn't be really your concern that someone would "abuse" the DNS resolver data, phone call records, or location information. If there would be such cases, those would end up in court pretty quickly and end badly for the service providers point of view. - Anyway companies like Cloudflare do have great record so far. But my sick paranoid mind asks how much I would laugh, if it turns out in 20 years that CF was actually an espionage project for intelligence service. It would make me laugh so hard. Sounds crazy? Maybe, maybe not. - I found out that many others also support these views, I'm not the only paranoid out there. - Anyway, trust is complex issue always. - I did also read huge number of different comments about this discussion and different views. but I think my initial opinions still stand.
  • Used mkusb for a very first time. I've usually had much lower level approach without GUI or user wizards. I found out that it was the easiest way to create Live Ubuntu with large enough persistent storage. Otherwise I couldn't get some of the stuff I need to get done, done with the live system. One of most annoying projects after all, problem after problem after problem and then I ended up with corrupt casper-rw persistent live file system and... Aww. Pure pain and rage. Wow, I haven't ever seen that badly corrupted ext4 file system. Maybe the live persistent system is without journal. Strange. fsck fixed the situation, but then apt and package repositories were totally messed up, because I were just installing bunch of software when the live system crashed. Wonderful mess while doing simple things. Of course there's no risk of data loss, because this is of course experimental setup in suitable environment, but losing a few hours still is annoying. Anyway now the /cow is finally large enough, and ahem, not too corrupt to run the tests.
  • Also decided to do something crazy. I'll be testing Microsoft Edge developer version on Ubuntu / Linux using Wine. Sounds crazy, sure, it is. Let's see if the FIDO2 passwordless login work with it. I'm highly skeptical but I couldn't dismiss that without testing. Even though the thought about that made me really laugh when I saw the suggestion for the very first time. Trolling, oh dude you're trolling so hard. Ahem, or are you?
  • Installing WineHQ with all required libraries took about 2 gigabytes of extra space, smile. Then winbind was missing. But let's see what happens next... Well as expected Edge doesn't work with Wine. I were totally expecting that to happen. It just says there's a network error and installation aborts.
  • Next attempt using the Microsoft Edge Virtual Box Appliance file. Let's see what happens now. I already started to hate it at the point where the image file needs to be imported and you can't directly start it. Ugh so much bloat. First download about 8 gigabytes, then unzip 8 gigabytes, then import 8 gigabytes. Yawn. After all this tuning wich took several hours, end result is that Edge didn't successfully run at all. VirtualBox option didn't work because the test environment had only 4GB of ram, which wasn't enough. And Wine version crashed due to Wine errors and then Edge setup claimed that there would be a networking error which prevents installation.

2020-09-20