Briar, SSD, HTTP, PSQL, QKD, FF, Eco

  1. Discussion on Twitter (@ BriarApp) about Briar (@ briarproject.org). As far as I understand, using briar:// links still requires a mutual pre-communication key exchange. Communication can't be opened just by giving the link; you'll have to swap public keys before communication can be established. I don't know if my tweet was badly worded or if the Twitter "sales person" just didn't understand what I was after. Anyway, creating a "single sided briar connect link" with an alternate introduction public key would be awesome. Then I could have a short chat based on a "pending request" and when I'm happy with the contact, I would "approve it" and then it would continue just as normal. During this initial phase the contact would be on my "contact list"; it would be just a pending contact or whatever it's best to call it. - I'm also thinking about optional "personal invite links", where the Briar address would be like briar://client_address/invite-code and the invite-code could also be a hash (pseudorandom) or something similar completely random (stored). When the contact uses that link, it would allow auto connection, without having their briar-link in advance. In the pseudorandom case, there's no need to store the approved keys, but if true random is being used then of course there has to be a local database for generated pre-approved linking codes.

  2. Nice post about SSDs: Everything I know about SSDs (@ kcall.co.uk). Very nice summary and it's actually totally along the lines I've been writing as well.

  3. HTTP request smuggling (@ Wikipedia) - Nothing to add, it's just a vulnerability if some systems allow it. By default it of course shouldn't be allowed.

  4. Matrix Encryption for message relationships (@ Github) - Yes, it would reduce metadata leakage on Matrix. Like encrypted reactions.

  5. PostgREST (@ postgrest.org) - Awesome tech, transforms PostgreSQL database directly into a RESTful API. I've used it for a few test projects, but not in production (yet).

  6. Some cases are so paranoid, they make you think the stuff could be a malicious actor or pen testing. But it's hard to tell if the story is suitable. This time it seems that the "suspicious event" wasn't malicious after all. But it was still very questionable in nature when it happened. - Unfortunately no more details to be publicly told. - Maybe in 5 or 10 years or so.

  7. Read a long, long article about Quantum Key Distribution (QKD) (@ Wikipedia). Lots of good stuff, and it allows transmitting shared state which can't be known by outside parties. Nice stuff for crypto.

  8. Mind blown, some people used several days trying to get over a decade old VB.NET (@ Wikipedia) code to work. When it didn't I asked for the source code and re-implemented the whole program in two hours. And it took just minutes to install. - What a great success. Also performance and overhead increased almost infinitely with my caching optimizations. Sometimes something goes well.

  9. More bad code, the option in the Firefox extension Temporary Containers is so broken. "Keep counting until browser restart" is the option for Container Numbers. But this will lead to the numbers being re-used in some situations, in a way where the same container number doesn't actually refer to the same container. What kind of bleeping code is that? Yes, you've got the container #14. Yes, but that's not the container #14 I'm talking about. Duh! Clearly there's some hidden container identifier somewhere, which is different, but the container identifier shown to the user is the same, except it refers to a different container. Boom!

  10. Watched a sales pitch of CO2 capture technology. But strange, the capacity is small. A large coal power plant produces amazing amounts of CO2 / year, much more than they can capture. Why capture the CO2 from air? Wouldn't it make sense to capture it directly at the source? The source would have excess thermal energy to provide (often), and the concentration of CO2 in the "source gas", aka smoke, would be much higher. And on top of that, they could also filter other harmful stuff from the smoke. Well, sometimes eco people just do things to cash out investors; unfortunately often the ideas aren't commercially viable or otherwise don't make general sense. Yes, the thing you're proposing is "possible" but it doesn't mean it would make any common sense. Green washing!
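
For the invite-code idea in item 1, the following added example (not from the original post, and not Briar's protocol or code) contrasts a pseudorandom code that is verified from a local secret with nothing stored against a true-random code that needs a local store. The names `LOCAL_KEY`, `make_stateless_code`, `check_stateless_code` and `StoredInvites` are hypothetical.

```python
import hashlib
import hmac
import secrets

# Hypothetical names throughout; this is not Briar's protocol or API.
LOCAL_KEY = secrets.token_bytes(32)  # long-term secret kept on the inviting device


def make_stateless_code(key: bytes = LOCAL_KEY) -> str:
    """Pseudorandom variant: nonce plus HMAC tag, nothing stored locally."""
    nonce = secrets.token_bytes(16)
    tag = hmac.new(key, nonce, hashlib.sha256).digest()[:16]
    return (nonce + tag).hex()


def check_stateless_code(code: str, key: bytes = LOCAL_KEY) -> bool:
    """Recompute the tag from the nonce; no database lookup is needed."""
    try:
        raw = bytes.fromhex(code)
    except ValueError:
        return False
    if len(raw) != 32:
        return False
    nonce, tag = raw[:16], raw[16:]
    expected = hmac.new(key, nonce, hashlib.sha256).digest()[:16]
    return hmac.compare_digest(tag, expected)


class StoredInvites:
    """True-random variant: every issued code is kept until it is used."""

    def __init__(self):
        self._pending = set()  # SHA-256 digests of outstanding codes

    @staticmethod
    def _digest(code: str) -> bytes:
        return hashlib.sha256(code.encode()).digest()

    def issue(self) -> str:
        code = secrets.token_hex(16)
        self._pending.add(self._digest(code))
        return code

    def redeem(self, code: str) -> bool:
        # Single use: the entry is removed on redemption, so a replay fails.
        digest = self._digest(code)
        if digest in self._pending:
            self._pending.remove(digest)
            return True
        return False
```

The stateless variant trades storage for control: without stored state a code cannot be made single-use or revoked short of rotating the key.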

2022-12-04