DeDupe, LE X2, eID, SMB, 35c2, Privacy, Security
Re-listened 35c3 Wallet Fail Talk. Really good stuff. It's funny when security devices are insecure. Very very good talk, and totally awesome hardware & software hacking!
Bad code and even worse code? Element on Android, first it compresses video and tries to send it. If it fails it re-compresses the video again and tries to send it. Oh why? Even better, when the video compression is successful, when you re-share the video, it is re-compressed again... Duh... Waste of CPU cycles. Hopefully future versions will improve this, earlier versions didn't even re-compress the videos. Now it would be reasonable to check if re-compression is necessary and for re-transmissions store the temporary compressed file. Also the photo rotation and cropping feature is worst one I've ever seen.It's frustratingly and annoyingly bad. It gives you impression that you should be able to rotate and crop images, but that's not actually true if the resulting image doesn't match any of the predefined aspect ratios. Which is a strange choice.
Salesforce root cause. Sounds like the business as usual. I've had my sweaty moments with DNS as well and had to inform key people that the domain might / will be down for some time. I'm not too surprised by this. Anyway, if the application is so reliant on DNS and it's key software, I would have secondary process for circumventing some key steps. Like having static IP with key reference information, which allows systems to work if DNS fails. Well written key systems should have fallback process for almost everything. If you don't have such solution, then it's clearly that essential thing. Just like backups. For some reasons, I've got IPs (IPv4 and IPv6) for everything listed carefully, in case DNS fails, I still can reach everything I really need. ( At one time I had even automated hosts file generator for key domains! )
Lots of discussion in group about privacy, security: Jitsi, Session, Briar, Wickr Me, Signal, OpenPGP, long discussion about options and pros vs cons of these solutions. - There was also some discussion about leaking the seed of Session. Well, with PFS, having the private key doesn't allow complete break. It allows only you to impersonate that identity in future via creating new keys, it doesn't allow access to past discussions. Nor immediately breaks the security for other discussions using different keys. Just like with OpenPGP it's recommended that the encryption, signature and identity keys should be separated. So you can generate and revoke encryption and signature keys, while still keeping the long term identity key the same.
Let's Encrypt ECDSA X2 certificate root has been working as expected, no issues has been reported by anyone since I started using it instead of the the old RSA R3 root.
Unholy design, just heard about one design which is absolutely totally horrible. It requires too much rights, it's prone for serious abuse and so on, providing way too much rights to standard users and so on. Not good, clearly anyone whom designed it, thought that it's the easiest way to impelment it. Yet, at the same time its actually hard to configure so it works, and also it's absolutely and totally insecure, giving standard users direct full admin rights via simple tricks, which aren't bugs, just bad security configuration which is required for it to work.
European (EU) - Electronic identification (eID) (@ digital-strategy.ec.europa.eu). Closely realted to eIDAS. It's interesting to see if this will get actually forward and widely adopted and implemented. (Finland is working to impelement eIDAS finally?) kw: Cross-border digital identification for EU countries
Configured one general purpose file server which was continuously full with data de-duplication and it released surprisingly lot of disk space during the weekend. Awesome! I guess this is one of the under used features with file servers.
Dig through new features in - SMB 3.11 (@ docs.microsoft.com) - Write through (direct) writes, Global mapping, Requiring minimum (and maximum) SMB version, Encryption improvements, pre-auth integrity.
Briar 1.3 released (@ briarproject.org) image attachments, profile images and disappearing messages - Briar project kees adding new features, but still anonymous single sided introduction isn't supported, which would make it quite much more useful in some situations.