TPM, ESNI, EMV, Matrix, Firefox, Null Hype

  1. Now this TPM / EFS / Firefox / Outlook (@ Wikipedia) crap-o-ware mess sucks so badly, that I'm starting to think that Microsoft has shifted it's focus into ransomware. Some encrypted files seem to be randomly inaccessible, due to unknown reasons. This might also mess up some other applications, which consider unable to read file, as file is missing. It seems that they've really f-ed this stuff up as well. Files are often unreadable, thanks to EFS. All ACL (@ Wikipedia) / EFS information seems to be configured similarly for all files, yet some files in directory are readable and some others aren't.

  2. I just also noticed that Microsoft update also messed up even more IPv6 settings than I previously noticed. Thank you for this beeping stuff again.

  3. Firefox ESNI (@ Wikipedia) is still broken in version 79. This is really slow progress, I would have though they would have fixed it like ASAP. I fully agree with the views that DoH and ESNI aren't related features. Using DoH (@ Wikipedia) or not, shouldn't affect ESNI at all. (It's still broken two years later! Version: 92)

  4. Is Your Chip Card Secure? Much Depends on Where You Bank (@ krebsonsecurity.com) - Yet another worrying example, if even banks can't implement security correctly, who can? I've seen all kind of horrible security issues, but these always make me wonder. kw: EMV

  5. Disabling Snaps in Ubuntu 20.04 (@ www.kevin-custer.com) Awesome instructions how to get rid of way annoying snaps with Ubuntu. - Thank you so much! (And I'm not even trolling this time!)

  6. Moved lot of notifications from email to Matrix (@ Wikipedia). This is just much better way to deliver some of the notifications, which the admin should be actually interested about. It's also easy to create different rooms, and manage users in those rooms. Much better management options, than with the Email and using mailing / delivery lists. - I've also created Matrix bot, which can handle certain requests. Yet the power of these requests is highly limited, the channel security prevents using it for anything critical, even if it's really handy. - Yet during the process there were some strange federation issues, where only some of the users would see the messages, but not all members of the room. Even if some of the messages posted by the user itself, were visible to all other users. - Highly confusing and gives easily very bad UX.

  7. Firefox on Android lost it's keyword feature in update. Really annoying, I used the keyword feature all the time, allowing instant access to multiple services with custom parameters. It also was one way of accessing APIs without any user interfaces, using the address bar alone. And now it's gone. Blah!

  8. Added some hash or comparison based verification to some scripts, as sanity check, to prevent serious malfunction. Basic stuff, but not always present, even if it should. Made actually for different implementations. Fish-shell, bash, cmd and powershell, all of the versions work and provide same comparisons and warnings, either against cryptographic signature, hash or comparison against another file. - Done

  9. Listened podcast Null Hype (@ null-hype.com) First interesting episode was Episode 5: Messing With Lives By Using Technology. Which covers many topics and methods which techsavvy people have used, and could and would use to mess things. And lots of talk about basic infosec and opsec, from daily life perspective. Also Episode 6 was awesome. Because in this cast they clearly said, that it's ridiculous that Chinese spying is bad, but "American spying" is good? Ahem, what? Of course spying is spying, American spying isn't inherently any better or safer than Chinese spying.

  10. As soon as I mentioned that Matrix is good, I've been seeing issues, where message are undelivered or delayed for several days. Interestingly this problem doesn't happen between client and server, which is the usual fail vector, ie. push to client fails. But between servers on federation level. Ahem, how this just started to feel like email, everything's broken. - So classic, everyone's pointing at each other, saying that it's not us, it's just you. Yet nothing is working. - Pretty standard, and always as enraging as possible. - There's nothing wrong, it just isn't working. Boom! Good thing is that all good Matrix client provide e2ee (@ Wikipedia) out of box, yet it presents it's own problems like Unable to Decrypt due to lack of decryption keys at times.

  11. Final note on posting date: Google S-hit-es is still broken with it's saving feature. Often losing changes. Amazing work trolling users.

2021-09-19