DoS, Matrix, PGP, Mojeek, Teams, Links
Just were wondering with friends the DoS attacks Tor relays are seeing. There seems to be Tor internal DoS protection, but it seems that using iptables before Tor itself is much more efficient method.
Matrix hits 60 million users. Decided to remind my self about directed acyclic graph (DAG) (@ Wikipedia) - which is the model Matrix room use.
Thunderbird PGP decryption / display bug / issue. Just found yet another bug, which is on the level that they're probably experts in trolling. When message contains OpenPGP encrypted body, the Thunderbird does prompt for decrypting and does the decryption, but, it only shows the message content partially. First I though what? Could this message be this short and lacking all key information. First I were like wtf, is the data really lacking. But after checking the raw message I were like ok, the encrypted message is N bytes but the decrypted message is only X bytes. There has to be something wrong with this. Then I saved the raw .eml and first tried to decrypt PGP section from that, of course it fails, there's the MIME encoding. Then I used Python and quopri lib to get rid of the mime encoding. Finally wrote the de-mimefied PGP data section content to data.pgp file and then decrypted that. A-haa, finally the content is here. But guess what, I'm pretty sure that 99% of people can't do that, and I'm probably underestimating the percentage. Well trolled guys! (For the record: 93 characters were shown from the beginning of the the message content was cropped in the middle of a word, interesting.)
After a short while, I found second bug related to encryption. If I try to open encrypted attachment, the "Error- decryption failed popup" is left under the open file dialog, but the error message is mandatory. Again, normal user will think that the application hanged. Because they only see the save dialog, which is unresponsive. Of course, if you move the dialog, then the error message is visible and you can deal with it. - Nice job! I just could imagine that there would be a bunch of users, whom just won't figure this out and get stuck with the situation.
Unfortunately bit same rules apply to Matrix and it's main client Element. Many things are made hard to use and buggy, which causes constant frustration even for hard core nerd experts and makes it totally unusable for normies.
I just watched a movie where they said that: "It would take an ultimate professional, to make this look so amateur". So true, the experts can make all kind of fun jokes, which do look just like bugs caused by incompetence. I guess this is how the best backdoors are also planted.
Mojeek and other alternate search engines: I like Mojeek's UI, speed, independence and ideology, but there are some rough bumps to deal with and index size is what it is. DuckDuckGo is clearly better than Mojeek (in term of results), but for the specialty searches I usually use Google because DuckDuckGo is also very weak compared to Google when looking something like string in source code or some special configuration parameters of some obscure servers software or something similar. searX is not a search engine itself, and I’ve had usually very bad experiences with shared instances. Qwant is bit mixed case as well, I would currently rank it below DDG. Other Bing fronts are mostly useless, I don’t get the point of those / advantage. And finally Yandex is actually surprisingly good, or at least let’s say that it’s better than most probably would expect. Yet of course it’s clearly worse for English specialty searches than Google.
Microsoft Teams and so called quality. Once again, receiving notifications about new messages in Teams, even if the chat in question is just open on my Teams client. Ok, kill client, restart, nice, now the new messages are visible. It's incredible how crappy and buggy Teams can be on multiple different aspects.
Just dropping links to three nice sites: Privacy Guides - The guide to restoring your online privacy (@ privacyguides.org) and The Hitchhiker’s Guide to Online Anonymity (@ anonymousplanet.org). Tails OS - The Amnesic Operating System (@ tails.net) - These are true classics, yet there are interesting stories about the second one, but it's not to be shared.