OOI, CommitStrip, DKIM, Qubes OS, TOF
QOI: Lossless Image Compression (@ phoboslab.org) - Absolutely lovely. I wrote PCX encoder / decoder from scratch back in the day. But this format seems to be amazingly simple and fast. I fully agree about designed by consortium statement. When implementing something, many formats (for even simple things!) are incredibly complex. End result? Import some library, use some other ugly hack, or make extremely simple data extractor / writer which actually ignores 99% of the standard and simply gets what's needed from the file or writes into file, just updating the mandatory parts of the "container blob". I've done that repeatedly. It works well as long as the input files are exactly as expected, if not, well that's it. The specification says RGBA format, yet people were immediately asking for support for color spaces etc. That's exactly how it starts, we could add that and then that, and what about GBRA images and so on. HSVA. Then it's not simple anymore.
The CommitStrip (@ commitstrip.com) got some really great programmer strips. Like bad code haunting codes at night... I know that feeling. Why I wrote it like that, why I didn't... I could refactor it and improve... But is it improvement? I would need to properly performance test it to know if it improves performance. Writing it in simpler more robust way would be cleaner, often performance increasing optimization add complexity and bugs, and make the code more messy... But ... Oh well...
Configured bunch of domains with DKIM (@ Wikipedia), where that was miraculously missing. No wonder so much email got flagged as spam.
Qubes OS (@ Wikipedia), so much work! Configured new battle station with Qubes and custom appvm's. Now I've got Whonix (@ Wikipedia), Tails OS (@ Wikipedia), Xubuntu, configured, separate Qube for each of operation type(s), some temporary / ephemeral where everything always is a fresh start and others wit persistence. Also inbound traffic can be routed via anonymized VPN or Tor hidden Onion service the using network provider Qubes. Lots and lots of work, but now when it's done, it's very nice indeed. So happy it finally worked out as desired. This arrangement let me also reduce my physical computers by a few machines. Because no need for physical separation. Also some containers in the encrypted system also got internal secondary encryption layer with full disk encryption. Even if the host would be on, if some of the key Qubes aren't running, there's not much to recover.
Data retention vs legal hold. I'm slightly annoyed by the fact that people don't get the fact that deleting something, doesn't mean the data would be gone. We had a long discussion with one user, who claimed that the confidential data was deleted. No, you can't know or confirm it, unless you've got the full access to the system. Normal user has no means to know if something has been actually deleted or not. As in this case, the system has been configured so that the relay stores all data in legal hold for seven days. If something is posted, and deleted one millisecond later. The data will still remain available for seven days. This applies to all platforms and systems, deleting something means nothing, nothing at all. Only thing it might do, is flip a bit "deleted" and then you (as user) just don't see it.
Lots of tuning with Btrfs (@ Wikipedia) for one of the setups. Went through and experimented with most of the mount options Btrfs provides. It's nice that as example compression and copy-on-write can be enabled on file basis and so on.
Just found out how agonizingly bad the iPhones camera is, the Time of Flight (ToF) (@ Wikipedia) / AI based fake blurring in images is really disturbingly unnatural bad bad, also it makes all the images soft, which is classic sign of really bad camera.
If anyone claims they won't use Matrix (@ Wikipedia) because it requires yet another app on device(s). No it doesn't, it works perfectly in a (mobile) browser with ultra light client called Hydrogen, including full end-to-end encryption. kw: e2ee, ref: hydrogen.element.io (@ element.io)