DNS, Scaleway, VVC, LoRaWAN, DNSlib, WG, HSM, Tails

  1. While working with the DNS hobby project, and reading lots of RFCs and documentation, I finally found out the reason for something which has bugged my mind for a while: why does a DNS query sometimes take several seconds to work, even if I know that the response is available quickly? Well, it turns out that if the UDP DNS queries don't work out, the client uses a TCP DNS query, and guess what, that's the one which worked. We had one network which unfortunately had quite high packet loss, and with UDP DNS it was obvious when the packets got lost. Now I was finally able to figure out why it took several seconds and then worked.

  2. Scaleway Magic Link passwordless authentication uses HTTP to pass the user login information. - I'm not saying anything, because I don't have anything positive to say. Ok, well, at least it didn't bypass 2FA, that's the positive thing I can say.

  3. Read a few articles about Versatile Video Coding (VVC / H.266) (@ Wikipedia). It should give around 30% compression improvement over HEVC and AV1, and even those aren't yet being routinely used.

  4. Installed and configured LoRaWAN temperature monitors around a few sites where those seemed useful. Now I'm constantly using Sigfox (@ Wikipedia) and LoRaWAN (@ Wikipedia) services and reading data collected from related cloud service providers.

  5. Lots of work with dnslib and bind (named) configuration. Now everything's working perfectly: dynamic records from the forwarded database handler, and static main data directly from the bind zone file.

  6. Configured a bunch of production WireGuard (@ Wikipedia) VPN (@ Wikipedia) tunnels. It was kind of a miserable experience. Why? It's hard to charge a lot for it. It was quick, simple and worked immediately. I so much miss the cross-vendor IKEv2 / IPsec tunnels, where you'll need to know both devices, know the feature sets, and even then it's hard to get the tunnel to work. And when it works, it still might be totally unreliable and fail with rekey etc.

  7. Absolutely marvelous article: ARM, x86 and RISC-V Microprocessors Compared (@ erik-engheim.medium.com). Very good reading. I did some basic ASM exercises a long time ago, but it was fun to read. Haven't touched ASM in twenty years, no need. And from the same author, another great article about Apple M1 (@ erik-engheim.medium.com).

  8. Another lovely article, on how abandoned Android devices (@ arstechnica.com) can still use Let's Encrypt in the future. Some workarounds are so simple that they make me smile.

  9. Element (Matrix) is nice, but as an example, right now the Emoji verification is so slow it's totally unusable; it takes several minutes. Making mandatory things take minutes is just bleeping great. Things which are totally broken and slow tend to drive users away. The lag was probably caused by a huge flood of new users. When I tried later, it worked out as expected, still darn slow. But it worked. - But on the other hand it's really good that Element recommends verifying contacts.

  10. Cheaper HSM modules (smart card / security chips) can also be cloned and the secret keys extracted. Ref: Cloning Google Titan-2FA keys. (@ schneier.com)

  11. Tested using WireGuard (@ Wikipedia) between Windows Servers and Windows & Linux clients. As expected, it worked out perfectly, which was totally expected, but still it's awesome!

  12. Tails web-based verify is a great option for most. Even so, I personally still prefer verifying using the project's PGP keys, minisign keys, or just good old Authenticode keys as an addition to the torrent / web-verification.

  13. Something different? I just realized that I haven't yet mentioned ADFGX and ADFGVX (@ Wikipedia); now I have done that as well. Classic fractioning and transposition to encrypt and decrypt, aka encipher and decipher, text. And because I haven't yet mentioned Tactics, Techniques and Procedures (TTPs) in my blog, now it's mentioned.
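
The two ADFGVX stages from item 13, fractionation through a 6x6 Polybius square followed by keyed columnar transposition, as an added example that is not part of the original post. The square keyword `SECRET`, the transposition key `CARGO` and the sample message are constructed values.

```python
import string

SYMBOLS = "ADFGVX"
ALPHABET = string.ascii_uppercase + string.digits  # 36 cells for the 6x6 square


def make_square(keyword):
    """Build the Polybius square: keyword letters first, then the unused A-Z0-9."""
    ordered = dict.fromkeys(c for c in keyword.upper() + ALPHABET if c in ALPHABET)
    return "".join(ordered)


def column_order(key):
    """Column read-out order: alphabetical by key letter, stable for repeats."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def encrypt(plaintext, square, key):
    # Fractionation: every character becomes a (row, column) pair of symbols.
    # Characters outside A-Z0-9 (spaces, punctuation) are dropped.
    cells = [square.index(c) for c in plaintext.upper() if c in square]
    pairs = "".join(SYMBOLS[i // 6] + SYMBOLS[i % 6] for i in cells)
    # Transposition: write row-wise under the key, read columns in sorted order.
    return "".join(pairs[i::len(key)] for i in column_order(key))


def decrypt(ciphertext, square, key):
    full, extra = divmod(len(ciphertext), len(key))
    cols, pos = [""] * len(key), 0
    for i in column_order(key):
        # The leftmost `extra` columns hold one more symbol (incomplete last row).
        length = full + (1 if i < extra else 0)
        cols[i] = ciphertext[pos:pos + length]
        pos += length
    # Undo the transposition by reading the grid row by row.
    pairs = "".join(col[r] for r in range(full + 1) for col in cols if r < len(col))
    # Undo the fractionation: each symbol pair indexes one cell of the square.
    return "".join(square[SYMBOLS.index(a) * 6 + SYMBOLS.index(b)]
                   for a, b in zip(pairs[::2], pairs[1::2]))


if __name__ == "__main__":
    square = make_square("SECRET")            # constructed keyword
    ct = encrypt("ATTACK AT 1200AM", square, "CARGO")  # constructed message/key
    print(ct, "->", decrypt(ct, square, "CARGO"))
```
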

2022-03-13