pHash, WPA3, Katzenpost, Yggdrasil, Outlook, Matrix, Certs

  1. All the discussion about Apple monitoring phone photo content. But there's nothing new about it. As example Samsung automatically classifies images, it's secondary question if this information is leaked to third parties or not. But the phone is analyzing content of every image, which is very clear. If we're talking about just image hashing there's nothing new about this: - pHash - The open source perceptual hash library - - (@ ).

  2. Configured a bunch of networks to use WPA3. Worked surprisingly without any problems with when using modern devices. I configured separate rarely used network for WPA2 legacy clients.

  3. Studied Katzenpost (@ ). - Interesting solution, where mixnet isn't between users, but between servers. Which could provide better user experience, because the end device doesn't need to deal with the mixnet issues and it also introduces it's own mixnet. Made me wonder, if this could be utilized with SMP protocol.

  4. Studied and tested Yggdrasil network (@ ) - Yggdrasil is IPv6 routed friend-to-friend (f2f) and end-to-end encrypted (e2ee). There are pros and cons with that design. Peer discovery / peering is currently managed manually. Which easily leads to long and sparsely connected partial mesh network structure. Which means that if there's anything more than light network traffic, it easily ends up heavily taxing some key peers of the network. Also there's a risk of reliability issues if large parts of the network are connected via a single peer, node / hub. Of course that's a feature not a bug. It's just how it's designed to work. So it's a design trade-off. Naturally there should be more than a few super-hubs, number of hot spots would be reduced. Best way to work around this would naturally the hot service / active points peering directly between each other. Just like two ISPs can peer directly, without passing data via (possibly remote) Internet Exchange (IX).

  5. More alternatives to free SSL (TLS) certificates:, Buypass, (Go SSL) are also providing free certificates (with independent CA ROOT) using ACME protocol, this is great development as addition to just the Let's Encrypt. This is important as we know that at times something very bad can happen which completely invalidates trust to CA. Yet I do assume, Let's Encrypt and similar organizations do have very strict security in place for securing the secret intermediate and root keys.

  6. Even more Matrix bugs, again. Now media share fails, if thumbnail fails, but upload of primary content works, then it's "attachment" instead of image, even if it would be an image and shared with image sharing function. Duh!

  7. Microsoft Outlook spam blocking sucks, as always. Now I can't even #email myself. Great job again. 550 5.7.520 Message blocked because it contains content identified as spam. AS(4810) Primary alias change is still broken, it has been for several years. - Duh! - At least now the envelope-from is ok when sending email from web-mail, but still when sending via SMTP it's still invalid, and trust me. I didn't sent that invalid value, it's Outlook which sets it. - Sick'n'tired of this bleeping quality software.

  8. Tested OnlyOffice and Zoho as alternatives to the well known Google Work and Office 365 solutions. All seem to work with basic stuff pretty well.

  9. More interesting Duplicati issues, I think I found a systematic transactionality / atomicity flaw in the logic of the program. But let's see how it turns out. Topic of the post is inaccurate, because it seems to be Duplicati generic failure to properly complete atomic operations (@ ).

  10. Ubiquiti EdgeRouter IPsec defaults changed? I had to specify the PFS DH-group, even if it's by default the same which is used for IKE-group. So, the enabled equals the IKE-group's default DH-group statement clearly isn't true anymore.

  11. Endless data integrity discussions, haha. With some Open Source projects, and other projects as well. People often ask, how anyone can write programs that works correctly. Well, it all starts from correct design (!!!) and then implementation. Worst part is that the design is already so flawed, that it basically guarantees bad outcome whatever the implementation is. I've been part of some such projects.