Python, SSH, SimpleLogin, Tunnel, DoH, Tor + MixMaster

  • I'm not the only one who's suffering from crashes caused by Unicode (UTF-8) handling when using Python. It's so annoying. A program works perfectly until sanitized user input causes it to crash. All this because of bad Unicode processing and default values. Yes, of course it works if you explicitly define UTF-8 encoding everywhere. But isn't it supposed to be the default(?). Btw, this problem only exists on Windows. Most Linux installations have proper UTF-8 support.

  • "Public SSH keys can leak your private infrastructure" - Bla bla, sure it can, if you do things that stupidly. Nothing at all forces you to use the same keys for all services. RTFM IdentityFile, IdentitiesOnly yes or -i.

  • An overview of Cryptography. Well, this is an awesome paper. I'll scan through it to see if there's anything new. Hmm, I didn't remember S-HTTP. Liked the IPsec section, with protocol descriptions and packet structures. I haven't yet used IPsec with IPv6, hmm. Nor have I ever used TLS with PSK modes. Yet it seems that Python 3.7 does support PSK modes. Yet, after a quick check, I didn't find it in the ssl lib. I've never used nntps nor telnets either. Also liked the EFS section.

  • Tested a new alpha software: SimpleLogin @ browser plug-in extension for Firefox. Found interesting but very classic usability issues. Like when you install the product, it claims that you've got an invalid API KEY. But it still doesn't PROMPT for it during the very first run. You'll need to go to the settings to configure the API KEY. Classic stuff when you develop on a single machine and don't have a "clean setup to test with". Then you'll easily end up with silly stuff like this. I'd guess everyone developing software has been there. But you'll learn from it.

  • Behind the One-Way Mirror: A Deep Dive Into the Technology of Corporate Surveillance - My thoughts: First, this is a long article and probably not a very technical one.

  • DoH (DNS over HTTPS) @ Wikipedia - had long discussions with colleagues about performance synergy and protocol multiplexing. Are web sites actually going to run DNS services using the same services as they use for serving web pages? The answer is again complex: probably some sites will, but probably most won't. Things are getting really complex. Of course this is easy if you've got a great team and good front-end servers, so you can serve everything from one domain, or one domain with a static sub-domain, or something like that. But the world is full of sites which do not have this kind of clear, optimized front-end service. H2 push of course also allows, in the case of DoH, pushing DNS information to the browser. Of course the next question is whether the DNS service should again be run on separate infrastructure, servers or by the operating system, instead of running everything in the web browser. It's easy to forget that there is traffic other than web traffic on the internet as well.

  • I've been running some hidden services for quite a long time for friends who don't want to connect systems directly. That's a very nice approach. Yet the low latency is still a problem. We've been planning to set up a mix master kind of network over hidden Tor services, where three hidden services are chained, and each of those servers mixes messages in buckets, decrypts one layer and forwards the messages to the next server. From the end of the "pipe" you can put and get messages during a specific time window. Most of the clients are configured to send and fetch packets at regular intervals. This allows complete privacy in the network. You can't tell who's talking to whom and when. You can only tell the members of the network, if you can track Tor traffic to the end servers. The only drawback is that the system constantly consumes CPU and network resources, even if no messages are being passed. In that case padding is being processed at a constant rate. The system also limits maximum throughput to the pre-fixed transmission ratio to hide communication patterns. The end points only allow storing / fetching a fixed-size block with an address.

  • Something different? - Submerged Floating Tunnel and Immersed Tube, somewhat different solutions for connecting roads across long or deep stretches of water than old-fashioned bridges. Let's see if Norway actually starts to build these.
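
For the SSH key item above, an added example (not from the linked article or from this post's author): a small Python check that resolves IdentityFile and IdentitiesOnly per host using ssh_config's first-value-wins rule and flags hosts where the client could still offer keys other than the configured ones. The sample config, host aliases and key paths are constructed, and Match blocks are skipped as a simplification.

```python
import fnmatch
import re
import shlex

def host_matches(patterns, host):
    """Host-line semantics: any matching negated (!) pattern vetoes the block."""
    hit = lambda p: fnmatch.fnmatchcase(host, p)
    if any(hit(p[1:]) for p in patterns if p.startswith("!")):
        return False
    return any(hit(p) for p in patterns if not p.startswith("!"))

def effective(config_text, host):
    """Resolve IdentitiesOnly / IdentityFile for host; first value obtained wins."""
    active = True  # options before the first Host line apply to every host
    result = {"identitiesonly": None, "identityfile": []}
    for raw in config_text.splitlines():
        m = re.match(r"(\w+)\s*=?\s*(.*)", raw.strip())  # "Key value" or "Key=value"
        if not m:  # blank line, comment, or not a keyword line
            continue
        key, args = m.group(1).lower(), shlex.split(m.group(2))
        if key == "host":
            active = host_matches(args, host)
        elif key == "match":
            active = False  # simplification: Match blocks are not evaluated
        elif active and args and key == "identitiesonly" and result[key] is None:
            result[key] = args[0].lower()
        elif active and key == "identityfile":
            result[key].extend(args)  # IdentityFile entries accumulate
    return result

def audit(config_text, hosts):
    """Hosts where the client may still offer keys beyond the configured ones."""
    resolved = {h: effective(config_text, h) for h in hosts}
    return [h for h, e in resolved.items()
            if e["identitiesonly"] != "yes" or not e["identityfile"]]

# Constructed sample config; host aliases and key paths are hypothetical.
SAMPLE = """
Host git.example.org
    IdentityFile ~/.ssh/id_git_example
    IdentitiesOnly yes
Host legacy.example.net
    IdentityFile ~/.ssh/id_legacy
Host *.internal.example !jump.internal.example
    IdentitiesOnly=yes
    IdentityFile ~/.ssh/id_internal
"""
```

`ssh -G <host>` prints the configuration OpenSSH itself resolves for a host and is the authoritative cross-check for this simplified parser.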