Tor, HTTPS, IPv6, Twitter, Email, CF, TLD

  • Now it's official. The Tor Browser project recommends doing exactly what I recommended based on my experience: if signed extensions are causing problems, just disable signature verification and we're good. This is gold! Because I've seen everyone doing this over and over again, and nobody EVER asks you to turn signature verification back on again. Like NEVER EVER!
  • Very nice indeed, the newest HTTPS Everywhere update fixes the issue I was complaining about. Now, via the add-on icon, you can also view the stable additional rules, which were earlier hidden. Great. Also the icon has been changed: earlier it was red when EASE (Encrypt All Sites Eligible) mode was on; now it just inverts from the normal mode's blue and white colors to white and blue. Good work, I like that update. Yet the option for temporary rules (which are stored only in memory and lost when the browser session terminates) is still missing. The latest version even turns red when you're completely blocking all non-encrypted requests.
  • Classic topic, SSL certificates, mind blown. People nicely mess up all the features: certificate pinning, "commercial certificate" (this one especially makes me laugh every time), the need to install "root certificates", what a self-signed certificate practically means, client certificates, access control. My mind gets blown over and over again by these discussions. The only thing we can conclude from this is that security is expensive, wastes a lot of time, and makes systems unreliable. - Isn't it so that commercial certificates are much more secure than free certificates? Right? - Using a free certificate makes the service very vulnerable. - No threat models described? Yawn.
  • Windows Server IPv6 networking issues. I don't know why IPv6 RandomizedIdentifiers always gets turned on again, even if you disable it. It breaks networking so that no outbound connections can be made. Luckily, with a static IPv6 address inbound connections still work, which is often enough for a server. Yet nobody seems to know why; there are vague references that it might be a problem with a driver or so, who knows. I guess I'll have to go with the classic solution, i.e. a startup script which fixes the system settings that simply won't persist.
  • When opening links from Twitter, for some interesting (or rather frustrating) reason Firefox on Android often hangs: it simply stops loading any pages until the process is completely restarted. Because it's not a crash but a hang, I'm pretty sure they don't consider it a bad issue, but it's really annoying, because "restarting the application" in Android isn't always that clear to all users.
  • Read a long article about how impossible it is to deliver email nowadays, because some services, like Gmail and Outlook, simply reject or black-hole messages without acknowledging anyone. This development has made email and SMTP a really unreliable protocol for reaching anyone. Sending email doesn't mean that the recipient will ever see the message, even if they're checking their spam folder. This is not news. That's why some of the important email addresses I receive email on get zero filtering, because I don't want a malfunctioning filter to reject potentially important messages. It should also be worth noting that email providers like Gmail and Outlook are unreliable email service providers. As it seems, and as is acknowledged, I'm really not the only one suffering from this development, or should we say degradation.
  • CF firewall: I like the ASN-based blocking, and country-based blocking is also often very useful and handy. Of course these rules are updated in a fully automatic way.
  • Long discussion about TLDs. Does .com mean authentic, and does something else like .info, .net, .org, .eu, or maybe .io mean that it's a fake? Also the definition of authentic and fake is often something really ridiculous. Of course in some cases it's very specifically defined what's authentic and what's not. But in other cases, oh well. This could go on: clothing, software, brands, and so on. Anyway, there's no simple answer; every case needs to be studied separately. The major problem is that people stupidly (?) expect something. Authentic jeans? Authentic car? Fake car? And so on. This happens over and over again. Every discussion is entertaining; it's just like whether passwords are good or bad, how they should be protected, whether recovery is needed, and so on. What's the point of a good password if it can be trivially circumvented using badly implemented recovery? A never-ending definition and trust discussion.
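For the Windows Server IPv6 item above, here is the "classic solution" spelled out: a startup script that re-asserts the IPv6 identifier settings and verifies that the change actually took, plus a one-time registration of that script as a SYSTEM scheduled task. This is an added example written for this page, not the post author's own script. It assumes Windows Server 2012 R2 or later with the NetTCPIP module (Get-NetIPv6Protocol / Set-NetIPv6Protocol); the log path and task name are placeholders. Note that the real property name is RandomizeIdentifiers, which is what the post calls RandomizedIdentifiers.

```powershell
# Added example (not from the original post): re-apply IPv6 settings that
# keep flipping back, and register this script to run at boot as SYSTEM.
# Assumptions: NetTCPIP module present (Windows Server 2012 R2+); the log
# file path and task name are placeholders chosen for this example.

param(
    [string]$LogFile = 'C:\ProgramData\ipv6-fix\ipv6-fix.log',
    [switch]$Register   # run once with -Register to install the boot task
)

$ErrorActionPreference = 'Stop'
$ScriptPath = $MyInvocation.MyCommand.Path
$TaskName   = 'Reassert-IPv6-Settings'

# Settings to keep pinned. 'RandomizeIdentifiers' is the real property name
# reported by Get-NetIPv6Protocol (the post calls it RandomizedIdentifiers).
$Desired = @{
    RandomizeIdentifiers  = 'Disabled'
    UseTemporaryAddresses = 'Disabled'
}

function Write-Log([string]$Message) {
    $dir = Split-Path -Parent $LogFile
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
    "$(Get-Date -Format s) $Message" | Add-Content -Path $LogFile
}

function Assert-IPv6Settings {
    $current = Get-NetIPv6Protocol
    $changed = $false
    foreach ($name in $Desired.Keys) {
        $want = $Desired[$name]
        $have = [string]$current.$name
        if ($have -ne $want) {
            Write-Log "$name is '$have', setting to '$want'"
            # Set-NetIPv6Protocol updates both the active and persistent store.
            $params = @{ $name = $want }
            Set-NetIPv6Protocol @params
            $changed = $true
        }
    }
    # Re-read and verify, so a silently ignored change shows up in the log
    # instead of only being noticed when outbound IPv6 stops working.
    $after = Get-NetIPv6Protocol
    foreach ($name in $Desired.Keys) {
        if ([string]$after.$name -ne $Desired[$name]) {
            Write-Log "WARNING: $name still '$($after.$name)' after Set-NetIPv6Protocol"
        }
    }
    if (-not $changed) { Write-Log 'IPv6 settings already as desired' }
}

function Register-BootTask {
    # Runs this same script at every startup, as SYSTEM, so the fix is
    # applied before anything depends on outbound IPv6.
    $action    = New-ScheduledTaskAction -Execute 'powershell.exe' `
                   -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$ScriptPath`""
    $trigger   = New-ScheduledTaskTrigger -AtStartup
    $principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
    Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
        -Principal $principal -Force | Out-Null
    Write-Log "Registered scheduled task '$TaskName' to run $ScriptPath at startup"
}

if ($Register) { Register-BootTask }
Assert-IPv6Settings
```

Run it once as an administrator with `-Register` to install the task, then check the log after the next reboot; if the WARNING line appears there, the setting is being overridden after the cmdlet returns, which would support the driver theory mentioned in the post. The equivalent legacy command, if the NetTCPIP cmdlets are unavailable, is `netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent`.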
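For the CF firewall item above, this added example (written for this page, not the post author's setup) shows what "ASN-based and country-based blocking, updated automatically" looks like in practice: a function that builds a Cloudflare firewall-rule expression of the form `(ip.geoip.asnum in {…}) or (ip.geoip.country in {"…"})`, validating its inputs so a bad feed entry cannot produce a broken rule, and a function that pushes it to an existing filter over the v4 API. Assumptions: the filter already exists and its ID, the zone ID and an API token come from environment variables; the endpoint `PUT /zones/{zone_id}/filters/{filter_id}` accepting `id` and `expression` is the firewall-rules API as I know it, which Cloudflare has since superseded by rulesets, so verify it against current docs. The ASN and country values are constructed placeholders (64496 to 64511 is the reserved documentation range).

```powershell
# Added example, not from the original post: build an ASN/country block
# expression and push it to an existing Cloudflare filter.
# Assumptions: filter exists; CF_API_TOKEN, CF_ZONE_ID, CF_FILTER_ID are set;
# the v4 filters endpoint below is as documented for the legacy firewall
# rules API. ASNs and country code here are constructed placeholders.

$ErrorActionPreference = 'Stop'

function New-BlockExpression {
    param(
        [int[]]$Asns,
        [string[]]$Countries
    )
    $parts = @()
    if ($Asns.Count -gt 0) {
        # Reject anything that is not a positive integer so a bad feed entry
        # cannot turn into a filter the API rejects (or one that blocks nothing).
        foreach ($a in $Asns) { if ($a -le 0) { throw "Invalid ASN: $a" } }
        $parts += "(ip.geoip.asnum in {$($Asns -join ' ')})"
    }
    if ($Countries.Count -gt 0) {
        $cc = foreach ($c in $Countries) {
            if ($c -notmatch '^[A-Z]{2}$') { throw "Invalid ISO country code: $c" }
            "`"$c`""
        }
        $parts += "(ip.geoip.country in {$($cc -join ' ')})"
    }
    if ($parts.Count -eq 0) { throw 'Nothing to block: both lists are empty' }
    return ($parts -join ' or ')
}

function Update-CloudflareFilter {
    param(
        [string]$ZoneId,
        [string]$FilterId,
        [string]$Token,
        [string]$Expression,
        [string]$Description = 'Automated ASN/country block list'
    )
    $uri  = "https://api.cloudflare.com/client/v4/zones/$ZoneId/filters/$FilterId"
    $body = @{ id = $FilterId; expression = $Expression; description = $Description } |
            ConvertTo-Json
    $resp = Invoke-RestMethod -Method Put -Uri $uri -ContentType 'application/json' `
              -Headers @{ Authorization = "Bearer $Token" } -Body $body
    # Cloudflare returns HTTP 200 with success=false on validation errors,
    # so check the envelope rather than relying on the HTTP status alone.
    if (-not $resp.success) {
        throw "Cloudflare API error: $($resp.errors | ConvertTo-Json -Compress)"
    }
    return $resp.result.expression
}

# Constructed sample lists; in real use these come from whatever feed or
# log analysis you maintain, which is the "fully automatic" part.
$asns      = 64496, 64497, 64500
$countries = 'XX'

$expr = New-BlockExpression -Asns $asns -Countries $countries

if ($env:CF_API_TOKEN -and $env:CF_ZONE_ID -and $env:CF_FILTER_ID) {
    Update-CloudflareFilter -ZoneId $env:CF_ZONE_ID -FilterId $env:CF_FILTER_ID `
        -Token $env:CF_API_TOKEN -Expression $expr
} else {
    Write-Output "Dry run (set CF_API_TOKEN/CF_ZONE_ID/CF_FILTER_ID to apply): $expr"
}
```

The filter is the part that holds the expression; the firewall rule referencing it (with action `block`) is left untouched, so regenerating the list never changes the rule's action or position. Keep the token scoped to the single zone's firewall permission, since the script holds it in an environment variable.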

2020-07-12